How is Qatar defending its cyber security efforts in preparation for FIFA World Cup 2022?

Qatar will become the first Middle Eastern country to host the FIFA World Cup in 2022 at its new 80000-capacity Lusail Iconic Stadium.

In light of hosting the world’s largest sporting event, the Middle East has come under increasing scrutiny over the state of its security and technological landscape. To date, the region, like most developed countries, is more vulnerable to cyberattacks given its digitally connected countries and high smartphone adoption rate. Just in first half of 2019, the region has already experienced a growing number of attacks according to DarkMatter, a cybersecurity firm based in the UAE.

But why is FIFA a target for cyberattacks?

In 2018’s FIFA World Cup held in Russia, President Vladimir Putin declared that the nation was a target for almost 25 million cyberattacks.

Putin shared: "During the period of the World Cup, almost 25 million cyberattacks and other criminal acts on the information structures in Russia, linked in one way or another to the World Cup, had to be neutralised," reported on Economics Times.

These cyberattacks can come in various forms such as malware, phishing, fraudulent attacks as well as financial scams.

What are some of the most common types of cyberattacks that takes advantage of fans’ enthusiasm for FIFA?

1.      Malware disguised as official applications

Malware can be easily disguised as credible and official sources, from streaming apps to game predicting sites. In the days leading up to the event, World Cup–themed spam emails were flooding inboxes while fake webpages offered giveaways in an effort to steal money and personal information.

This is what cybersecurity specialists’ term as ‘social engineering’ which refers to internet threats like phishing, scams, and even certain kinds of malware, such as ransomware.

“Golden Cup” is an example of an app that is widely used to stream data and records from past and present games. It was hacked by cybercriminals to install spyware on devices of unsuspecting fans.

2.      Financial scams and fraud

Users are also exposed to non-malware related online scams such as ticket fraud and bogus merchandise offers. It all happens when credit card data and banking details are stored on fraudulent applications or websites. Hackers can gain access to user account information if purchases or bookings are not secured. These information are not only limited to bank account details, but also Personally Identifiable Information (PII), such as their Social Security Number.

As a result, even legitimate websites can be victims of cybercrime, often via sabotage, defacement or denial-of-service (DDoS) attacks. These can lead to both financial and reputational damage.

In the same speech that Putin addressed to Russia on the success of the World Cup in 2018, he highlighted that "Behind this (World Cup) success lies huge preparatory, operational, analytical and information work, we operated at maximum capacity and concentration”.

In the same way, Qatar will also need to take preventive measures to protect the nation and its citizens from a cyber warfare by applying these past learning points.

What are the key cybersecurity projects already in place for Qatar?

Qatar is placing greater emphasis on a variety of areas – Internet of Things and industrial control systems, national cybersecurity capabilities, cybersecurity risk management, and cybersecurity operations for venues.

·        Project Stadia

The launch of Project Stadia was to create a Centre of Excellence to help Interpol member countries in planning and executing policing and security preparations for major sporting events.

As part of the project, the team organises annual expert group meetings as well as workshops, covering key themes of legislation, physical security and cybersecurity for each session.

These initiatives bring together global experts covering law enforcement, event organising committees, the government, the private sector, academia and civil society to explore state-of-the-art research and analysis on security. The team also aims to develop recommendations for planning and executing security arrangements for major international sporting events.

·        Cross-border relations with other countries

Qatar is also managing and strengthening its ties with other tech hubs in the world to enhance its cybersecurity efforts.

Qatar and the UK have explored opportunities in co-operating cybersecurity efforts especially in view of the growing financial sector relations between the two countries. This includes having bilateral discussions on the rising importance of cybersecurity within financial services, Qatar’s growing financial sector, and the lucrative business opportunities available in the market.

Similarly, Qatar and Singapore are currently working aggressively to enhance their bilateral relations where both countries are currently focusing to expand and deepen cooperation that include security, fintech, and cybersecurity, amongst other sectors.

What are the key cybersecurity skills to have?

Security remains one of the biggest IT issues in the Middle East, with more than two-thirds or 68 per cent of organisations lacking the internal capabilities to protect against sophisticated cyberattacks, according to recent research from Symantec and Deloitte.

Top cybersecurity languages that specialists will need to be familiar with includes:

·        C and C++

·        Python

·        Javascript

·        PHP

·        SQL

PHP as well as SQL are growing to become a necessity in the field as more cases of DDos attacks continue to make web applications unavailable to intended users. With PHP programming knowledge, coupled with skills in other technologies like JavaScript, one can then implement robust solutions to secure your company’s web applications.

While not all cybersecurity professionals have — or require — coding skills, some knowledge of at least a couple of languages would position candidates to be favourable for long-term success in the field.

Don’t risk a yellow card for the upcoming FIFA

Caution should always be exercised as the event draws near and you do not have to be a FIFA fan or a security expert to take precaution in the growing cyber landscape in the Middle East. If your company is interested to find talent that would suit your cybersecurity needs, please feel free to drop me an email at [email protected]. Alternatively, do check out our website and follow us on our LinkedIn page for more industry-related updates.