Strengthening Oman's Economic Backbone

On the blissful dawn of Jan. 1, 2020, an unexpected menace in the form of a ransomware intrusion shattered the jubilant spirit of the IT department of Oman United Insurance Company SAOG. 

The attackers hit the main servers, and infected and encrypted their data, leading to a loss of data dated from Dec. 10, 2019, to the day of the attack. Luckily, the attack lasted only for one day, and by Thursday, Jan. 2, 2020, the company was able to recover lost data, all thanks to a robust backup system.    

The Oman Insurance Company SAOG was undeniably fortunate, considering that that same year, Oman recorded a staggering 123 million Web application attempts with over 417,000 confirmed attacks and over $1 million in losses. 

The alarming number of confirmed attacks mentioned above actually represents a 13% decrease compared with the nearly 500,000 confirmed attacks reported by the Oman government in 2019. According to the annual report posted by the Ministry of Technology and Communication, this improvement in Oman's cybersecurity stance was due to the intense security assessments that government websites were subjected to. This assessment exposed over 41,000 vulnerabilities and 13,000 Internet Protocol addresses that were discovered, analyzed, and fixed by the ministry. 

Oman is one of the few Persian Gulf countries known for its high-level cybersecurity strategy, which was put in place in 2010 when the Oman Computer Emergency Readiness Team (OCERT) was launched. This organization was tasked to detect and analyze cyber-risks in the country and to raise cyber awareness at the nation's fundamental level. It's no wonder the number of attempted cyberattacks in Oman plummeted from 880 million in 2017 to 12 million in 2022. 

A New Cybersecurity Framework by the Central Bank of Oman

Speaking of a cybersecurity strategy and master plan, the Central Bank of Oman recently issued a new security framework to make it difficult for cyberattackers to successfully defraud its banks and citizens.

In September 2023, the Central Bank of Oman (CBO) issued a new Regulatory Framework for cybersecurity and Resilience. This new regulation mandates banks, financing and leasing companies, payment service providers, and money exchange companies to meet a set of minimum requirements to build a financial industry resilient against cybersecurity risks.

This new regulation is organized into six fundamental categories, referred to as "Control Domains" or pillars. Each domain represents a distinct area of focus and guidelines for implementing security measures. They include:

By implementing this new framework, the CBO intends to establish guidelines for licensed institutions to have the ability to handle cybersecurity risks. The goal is to maintain the same standard of cybersecurity controls across all licensed financial institutions operating in Oman, ensuring uniformity in their ability to manage such risks. 

Impacts

By implementing and adhering to the regulatory Framework for Cybersecurity and Resilience, banks and financial institutions in Oman will have enhanced capabilities to safeguard themselves from various types of cyber threats. Not only this, but if the set minimum requirements are met, financial institutions in Oman will have predefined protocols in place to help them swiftly respond to cyber incidents and minimize potential damage control.

Since this new framework will decrease the likelihood of successful cyberattacks, Oman's financial industry can avoid significant financial losses associated with data breaches and cybercrimes. Moreover, a secure financial sector fosters confidence among investors and the general public, so this new framework could promote stability in Oman's financial market. 

By implementing this new framework, Oman's finance industry is a step closer to meeting international security standards and possibly attract international investments and partnerships. Also, it enhances customer trust as security measures assure customers that their financial transactions and sensitive information are safe.