Qatar's banking sector remains a “heavily targeted” sector for cyberattacks, Qatar Central Bank said and noted phishing attempts and user targeted social engineering attacks represented more than 50% of the overall attacks in 2019.
“This year (2019) has seen a surge in the cyber-attacks targeting the users of these organisations. Therefore, through its key risk indicators (KRIs) reporting system, the QCB’s dedicated information security department (ISD) has been able to understand the patterns and anticipate on some of the cyber threats,” the banking regulator said in its latest Financial Stability Report.
The QCB has designed a new information and cyber security organisation with a dedicated independent information security department (ISD) that not only looks after QCB itself but also the entire financial sector cyber security practice and posture.
In order to achieve this, the QCB ISD has defined a governance framework, a set of security measures via technical, policy and regulatory requirements as well as reporting mechanisms at various levels.
The new organisation structure covers both the security governance and assurance aspects of the work.
The engagement with the financial sector has been formalised with a dedicated security forum, namely the BSG (Banking Security Group) and its terms of reference, which serves as a platform to exchange information and collaborate with the banking sector primarily but also with the remaining sectors entities.
Statistics showed that in 2019, the “banking sector remained a heavily targeted sector” with all the layers being seen as opportunity to steal valuable information assets, QCB noted.
The phishing attempts and user targeted social engineering attacks represented more than 50% of the overall attacks, while the remaining portion aims at the systems or network infrastructure, it said.
Cybercrime campaigns targeting banks with sophisticated malicious emails leveraged advanced malware packages such as ‘EMOTET’.
The cyber threat activity increased by 50% in 2019, QCB pointed out. As a result, QCB developed “practices and response mechanisms” in order to “limit” such risks and “anticipate” those types of attacks, “ramping up” the awareness messages, training of the users and the development of cyber security capabilities.
This year, the QCB ISD is defining new programs that will enhance the overall posture of the financial sector overall including the new entrants- the Fintech organisations, QCB said.
The QCB ISD has developed a new set of regulatory requirements to cater for the acceptance of Fintech entities as financial sector entities as part of the QCB Fintech Sandboxing process.