This first appeared on Qatar Tribune
Introduction
Clients have adopted digital ways of working, and this transformation is significantly impacting how businesses operate in Qatar, and how they compete on the local and global scenes. The amount of data that organisations are creating, processing, storing and sharing has grown exponentially. Industry estimates suggest that at least 2.5 quintillion bytes of data are produced every day (that’s 2.5 billion gigabytes, or 2.5 followed by 18 zeros!). As a natural consequence, data security has become more important than ever.
Advances in technology, shifts to online transactions and increased hybrid working, accelerated by the pandemic, have led to enhanced threats to data security. In the last two years organisations, employees, governments, and supply chains have had to quickly adapt to managing emerging data risks. With data being shared across wider networks, organisations and jurisdictions, consumer trust is paramount, and organisations in Qatar need to protect their information to retain their competitive advantage and reduce the risk of exposing themselves to potential privacy violations.
The FIFA World Cup, a markedly global event, will likely attract high-profile data attacks and pose significant data security threats for hosting countries. With more than 1.7 million1 people expected to visit Qatar over the course of the event taking place from 21 November until the final on 18 December, and approximately 500,000 visitors per day at its peak, the opportunity for lucrative cybercrime targeting is high. Russia for example, faced over 25 million cyber-attacks on its information infrastructure over the course of the 2018 FIFA World Cup.2
With the spotlight on Qatar, organisations will have to be more prepared than ever. The average cost of a data breach in 2020 for the Middle East was $6.53 million which is approximately twice the global average.3 As the World Cup approaches, it is even more important to have appropriate controls in place in order to mitigate any detrimental impact on your business operations and reputation.
So, what are the top three protection risks that need to be addressed?
We looked at the most recent data protection incidents around the world, examining root causes and identified three main risks for the Qatar market that need to be addressed proactively:
- Data breach: Data theft from private business organisations and government entities is one of the largest risks that Qatar could be facing during the World Cup. The breach of sensitive data such as visitor or government official personal information could lead to major operational, financial, regulatory and reputation damage. The most frequent reason for data breaches is due to organisations having weak data protection security controls, such as weak credentials or poor encryption, making them easy targets for threat actors.
- Ransomware attacks: Ransomware attacks on critical national infrastructure could cause systems to become unusable and lead to disruption in services and reputational damage at a large scale. In the past year alone phishing attacks amounted to 6.7% of all the data breaches.4 This is of particular concern for Qatar as it had an estimated 2,0335 COVID-19 themed phishing attacks in Q1 2020. Predictions for 2022 show that there could be significant increase in these types of attacks.6
- Third party data protection risks: According to PwC’s Digital Trust Survey for the Middle East, only 40% organisations fully understand third party data protection risks.7 Nearly a quarter have little or no understanding of these risks — a major blind spot of which cyber attackers are well aware of and willing to exploit. Around 19% of data incidents in our study were due to lack of third party controls.
Based on our research, from the sector perspective, we found that the top three sectors that are likely to be targeted by threat actors are Financial Services, Manufacturing, and Energy. These three happen to be key drivers of Qatar’s GDP.
What can you do to prepare?
With just a few months left until the World Cup kick-off, it is important to act now, especially if you don’t have a plan in place to address the top three risks.
We have devised five recommendations that you could consider to develop your own action plan. While this is not an exhaustive list, it will give you greater protection and these controls can continue to keep your organisation secure.
1. Classify assets and establish what is important: Classify and establish asset and data inventory to understand what needs to be secured. For a given budget, data protection controls should be proportionate to risks and the value you are trying to secure.
2. Control physical and logical access: It is important to prevent attackers from gaining physical access to data. End user and administrator access should be closely monitored and controlled. Establishing a strong password policy and other access controls, for example, multifactor deployment could help to keep your data safe.
3. Security awareness: Properly trained users have a better understanding of the security and risks associated with data protection. Invest in your people to increase the level of awareness.
4. Third party risk management: Review your high-risk suppliers for any data protection risks and develop mitigation strategies. Outsourcing activities to third parties does not make you any less accountable.
5. Incident detection, response, and recovery: Even with the best data protection controls in place, incidents are likely to happen. Deploy processes to regularly monitor, detect, respond to any possible data protection incident.
1) Gulf Investment Fund (GIF)
2) 25 million cyber-attacks targeted at Russia during World Cup
3) 2020 IBM Report: Average cost per data breach incident in the Middle East stands at $6.53 Million
4) 2022 Global Digital Trust Insights Survey
5) Estimated 2033 COVID-19 themed phishing attacks
6) 2022 Global Digital Trust Insights Survey
7) 2022 Global Digital Trust Insights Survey
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 156 countries with over 295,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
Established in the Middle East for 40 years, PwC has 22 offices across 12 countries in the region with around 7000 people. (www.pwc.com/me).
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
© 2022 PwC. All rights reserved
