Medium and small businesses face most risk from cyber attacks

Cybercrime is not new. Most businesses have some form of cybersecurity in place.

However, the number of threats - and businesses being held to ransom - are dramatically increasing. According to the World Economic Forum, one business gets hacked every three seconds. WEF sights cyberattacks as the second risk of greatest concern for business globally over the next 10 years.

According to the United States Federal Bureau of Investigation (FBI) 2018 Internet Crime Report, the organisation receives an average of 300,000 cybercrime complaints per year - that's an average of 900 per day! This is such a concern that in October 2019, the FBI issued a public national warning to all US businesses.

The cost of cybercrime on global businesses is substantial and financial losses have increased significantly. US firm Cybersecurity Ventures estimated that global damages could be as high as $6 trillion by 2021.This amounts to a loss of close to seven per cent of the global GDP.

The UAE is as sophisticated as any other country in its national data protection and the Government has established a National Cybersecurity Strategy to tackle this issue. However, given that Dh1.8 billion is spent on cybersecurity in the UAE each year (and Dh18 billion in Mena), it is fair to say that our businesses are not exempt from attacks.

According to Tarek Ghoul, CEO of Coordinates, a home-grown UAE Corporate Cyberdefense firm, medium and small size businesses are at a heightened risk with a false sense of security.

"Unfortunately, we estimate that 96 per cent of CEO's think their company is safe from cyberattacks because they have an off-the-shelf 'box'. The truth is that an unsophisticated hacker can smash that box in minutes and hold companies to ransom for however much money they choose."

The simplest yet more effective weapon of choice of hackers is called Ransomware. It is a type of malware that threatens to publicise the victim's data or perpetually block access to it unless a payment is made. Ransomware is not a single programme bought by hackers from a store. It is something they personally craft and evolve every single day to be smarter, stronger and faster. That's why off-the-shelf solutions only work at a basic level.

In addition, being held to ransom by hackers doesn't only have a financial cost, it has a significant impact on the organisation's services, reliability and reputation in the eyes of the public, shareholders, and employees. In short, a hacked company can go bust very quickly. CEOs and management need to continue educating themselves about the extent to which they are held responsible in such cases.

Whilst the largest firms such as banks and utilities deploy teams of specialists to monitor and fight against cyberattacks, it is the medium and small businesses that are at most risk.

Ghoul explains "If you were a thief, you would target the less protected places because you have the highest chance of success. Hackers know that medium and small size businesses have very basic defenses. Coordinates was setup - to defend all UAE businesses - large or small - with the bespoke service that is usually only affordable and provided to the top four per cent of businesses."

Coordinates was established by Ghoul in 2015 to offer a service they call Adaptive Bespoke Cybersecurity (ABC) - a programme and a service, not a box. Their teams will continuously assess, monitor and detect cyberthreats 24/7 and provide the right defense and remediation for each company. Importantly, they evolve these solutions constantly, just as the hackers evolve their attacks. They claim to be able to take any company from a Code Red (unsafe) to a Code Amber (safe from most attacks) in just 21 days. Given that in 2019, 85 per cent of organisations worldwide reported experiencing cyber-attacks and that was a 16 per cent increase on 2018, this could not come sooner.

- Tarek Ghoul is CEO, Coordinates. Views expressed here are his own and do not reflect on the newspaper's policy.