facebooktwittertelegramwhatsapp
copy short urlprintemail
+ A
A -
webmaster
Tribune News Network
Doha
The FIFA World Cup will likely attract high-profile data attacks and pose significant data security threats for hosting countries, according to PwC.
With more than 1.7 million people expected to visit Qatar over the course of the event taking place from November 21 until the final on December 18, and approximately 500,000 visitors per day at its peak, the opportunity for lucrative cybercrime targeting is high, the ratings agency argued.
“Russia for example, faced over 25 million cyber-attacks on its information infrastructure over the course of the 2018 FIFA World Cup.”
With the spotlight on Qatar, it said organisations will have to be more prepared than ever.
“The average cost of a data breach in 2020 for the Middle East was $6.53 million which is approximately twice the global average.”
As the World Cup approaches, PwC said it was even more important to have appropriate controls in place in order to mitigate any detrimental impact on your business operations and reputation.
So, what are the top three protection risks that need to be addressed?
The company has looked at the most recent data protection incidents around the world, examining root causes and identified three main risks for the Qatar market that need to be addressed proactively — data breach, ransomware attacks and third party data protection risks.
Data breach
Data theft from private business organisations and government entities is one of the largest risks that Qatar could be facing during the World Cup. The breach of sensitive data such as visitor or government official personal information could lead to major operational, financial, regulatory and reputation damage. The most frequent reason for data breaches is due to organisations having weak data protection security controls, such as weak credentials or poor encryption, making them easy targets for threat actors.
Ransomware attacks
Ransomware attacks on critical national infrastructure could cause systems to become unusable and lead to disruption in services and reputational damage at a large scale. In the past year alone phishing attacks amounted to 6.7% of all the data breaches. This is of particular concern for Qatar as it had an estimated 2,033 COVID-19 themed phishing attacks in Q1 2020. Predictions for 2022 show that there could be significant increase in these types of attacks.
Third party data protection risks
According to PwC’s Digital Trust Survey for the Middle East, only 40% organisations fully understand third party data protection risks. Nearly a quarter have little or no understanding of these risks — a major blind spot of which cyber attackers are well aware of and willing to exploit. Around 19% of data incidents in our study were due to lack of third party controls.
Based on its research, from the sector perspective, PwC found that the top three sectors that are likely to be targeted by threat actors are Financial Services, Manufacturing, and Energy. These three happen to be key drivers of Qatar’s GDP.
What can you do to prepare?
With just a few months left until the World Cup kick-off, it is important to act now, especially if you don’t have a plan in place to address the top three risks.
PwC has devised five recommendations that you could consider to develop your own action plan. While this is not an exhaustive list, it will give you greater protection and these controls can continue to keep your organisation secure.
1. Classify assets and establish what is important: Classify and establish asset and data inventory to understand what needs to be secured. For a given budget, data protection controls should be proportionate to risks and the value you are trying to secure.
2. Control physical and logical access: It is important to prevent attackers from gaining physical access to data. End user and administrator access should be closely monitored and controlled. Establishing a strong password policy and other access controls, for example, multifactor deployment could help to keep your data safe.
3. Security awareness: Properly trained users have a better understanding of the security and risks associated with data protection. Invest in your people to increase the level of awareness.
4. Third party risk management: Review your high-risk suppliers for any data protection risks and develop mitigation strategies. Outsourcing activities to third parties does not make you any less accountable.
5. Incident detection, response, and recovery: Even with the best data protection controls in place, incidents are likely to happen. Deploy processes to regularly monitor, detect and respond to any possible data protection incident.

Report prepared by
Firas Sleiman,
Partner and Qatar Technology and Cyber Leader
Email: [email protected]

Nakul Srivastava
Director, Data Privacy and Information Security
Email: [email protected]
copy short url   Copy
15/06/2022
10