National Cybersecurity Center (NCSC) Bassam Maharmeh said Saturday his institution has put forward a draft national cybersecurity framework, a program to protect information systems of the public and private sectors. The draft is a set of procedures, controls, mechanisms and standards that institutions must adopt and apply to enhance the security of the Kingdom’s cyber systems and move into a higher level in information protection, he said in an interview with Petra, noting that most institutions do not apply certain cybersecurity standards. The standards that will be incorporated into the national cybersecurity framework will be mandatory with a grace period at the start, he said, expressing hope that the center will receive feedback and respond in order to proceed with approval procedures according to the rules, as each institution will adopt controls pending the type of threat it faces. Maharmeh said the NCSC last year dealt with 1,362 incidents involving government institutions and private companies, 26 percent of which were high-risk and serious. The health sector was most targeted in 2022 accounting for 9 percent of the total cyber attacks, followed by the commercial sector, including medium and small businesses that lacked the resources to protect their data, in addition to other key government institutions that were constantly being hacked, according to NCSC statistics. Maharmeh said each country is targeted according to its geographical and political status, adding that the center is a national institution that deals with attacks and threats to institutions that may threaten national security or basic services in the country. The center, he added, detects and warns against threats and breaches, helps those exposed to recover and raises awareness among the public on the need to protect their data. He said the cybersecurity center has a key role in drafting legislation, controls and regulatory frameworks to protect against cyber attacks, pointing to two types of threats: organized cybercrime that targets government entities, companies, universities, hospitals and other institutions with the aim of stealing data for profit, and state-sponsored groups that mainly target government institutions for espionage, theft or gathering information.
Source: Jordan News Agency