Request a Demo
Cygilant Blog

3 Important Lessons from the QNB Hack

Posted by Vijay Basani on Jun 6, 2016



News broke in late April 2016 that Qatar National Bank (QNB), the second largest financial institution in Africa and the Middle East, had suffered a massive data breach. Details of this compromise have been hard to come by, and what hackers and other groups might be doing with the data leaked from QNB remain a matter of speculation for now. QNB has since released two statements that provide a few details about the intrusion.

QNB Statements on the Breach

On April 26, 2016, QNB issued a statement that said the bank would not comment on "reports circulated via social media" regarding an "alleged data breach" and that "there is no financial impact on our clients or the Bank."


A few days later, on May 1, QNB followed up with a second statement. This one acknowledged that the institution's "Risk Team" had "monitored abnormal activity in our system environment" and forwarded the information to the relevant authorities. QNB also said the "attack only targeted a portion of Qatar based customers," and admitted it was true that some material reportedly leaked from the institution into the public domain. The bank believes "the nature of this incident is fundamentally an attempted attack on QNB Group’s reputation." In response, QNB has "engaged an external third party expert to review all our systems to ensure no vulnerabilities exist."


These two statements provide three key cybersecurity lessons for organizations interested in improving their digital defenses.

Lesson #1: Lawsuits and Reputation Matter

QNB's second statement makes an unusual remark: that the attack was fundamentally aimed at the institution's reputation. But perhaps that is not so surprising. After all, if hackers succeed at making a company look bad in the news—for being a poorly secured breach victim, for instance—then the firm's customers might be more likely to sue rather than to forgive. That can damage the company, which might be the ulterior motive of the hackers. Some companies have faced lawsuits in the wake of a hack before, as EiQ has discussed previously.

Lesson #2: A Proactive Security Stance is Crucial

According to QNB's second statement, the financial institution has hired a third party to look over the bank's systems in search of vulnerabilities—but the hack had already happened by then. In other words, when it comes to vulnerabilities, QNB has been situated in a reactive security posture. They waited for a hack to happen before finally hiring someone to patch up the vulnerabilities.


What businesses should do instead is adopt a proactive mindset: find the weaknesses in the IT network before the hackers do. This technique is called vulnerability management, and it is an integral part of EiQ's SOCVue service.

Lesson #3: Network Security Monitoring is Paramount

QNB's second statement notes that the bank's "Risk Team" saw abnormal activity on its systems—which suggests the bank understood the importance of network security monitoring prior to the breach. In short, network security monitoring is the practice of watching IT systems for unusual or suspicious behavior, such as hackers probing for open ports or vulnerabilities.


While QNB were able to identify suspicious activity on their servers, they did not take any steps to prevent the hack. Perhaps their internal "Risk Team" was overloaded with responsibilities and could not respond in time to stop the data leak. That is why it's often a good idea for firms, especially SMEs, to outsource their network security monitoring to a qualified team of cybersecurity professionals.


Had QNB addressed these red flags early on, they could have avoided this hack and kept their customers' data secure. They would have also prevented the resulting damage to their reputation.


Is Your Organization Ready to Battle Cyber Attacks?

Find out with EiQ’s free, 10-question cyber security readiness assessment! Sign up now to see how prepared you are to identify threats and vulnerabilities, mitigate risks, and enable compliance.

Find Out How Prepared You Are!


Feature Photo: Makushin Alexey /

Tags: Data Breach, Cybersecurity, Hacking, InfoSec, Financial Services

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Recent Posts

Posts by Topic

See All