Cyber security: are Lebanese companies protected?

These growing hacks of electronic networks, for criminal, as well as seek and destroy purposes, affect the integrity of business operations, critical national informational infrastructures, personal information, and children's safety.
3 March 2017 | 13:15

BEIRUT: Global society has grown dependent on information and communication technologies for networking from point to point around the world.

Work as such goes on at the speed of light.

However, every major technological development in any field comes with a number of negatives such as emerging dangerous threats to network and information security. The increase in network hacks for criminal, espionage, and well as corporate theft purposes, affect the integrity of business operations, critical national informational infrastructures, and personal information.

According to a report published by Strategy&, an international business consultancy, about the state of cybersecurity in the Middle East, the region has become an attractive target for a wide array of cyber attacks.

"Indeed, governments and large organizations in almost every vital sector of the region have sustained damage from cyber attacks," the report says.

The report also notes that most cybersecurity efforts at present are reactive. Their focus is recovery from a cyber attack, as opposed to preventing future attacks.

Beirut is no different than elsewhere in the Middle East, it is vulnerable.

"The problem here lies within the Lebanese people's culture, by underestimating cyber security which then results in them mobilizing their intent on setting up a secure system after they've been targeted thus making the whole conundrum a matter of being reactive and not proactive," Joe Hage, CEO of Universant Technology, an IT and cyber security consultancy, told Annahar.

Hage explains that nowadays, cyber attacks are becoming more sophisticated with each iteration, thus companies, governments, and citizens must be vigilant with their online footsteps.

"Technology is advancing at a very rapid rate, and people are happy with the advancement but barely anyone is looking to the dangers that are emerging alongside it," he added, noting that the first key step in fighting back is awareness and education to rendering people more alert about the existence of potential targeting.

Hage later highlighted that in Lebanon and the region as a whole, another main reason behind the increased risk of cyber attacks is the use of pirated software, rendering computers with a high likelihood of virus and malware infections.

"Usually, small to medium businesses tend to adopt cheaper ways of setting up software which in turn increases the chances of a breach or the spread of infectious malware," Hage told Annahar, noting that people, especially in Lebanon have a misconception in terms of cost of cyber security systems.

Companies can set up a proper reactive security system for average prices which can, therefore, have a drastic effect on the maintenance of their data within cyberspace.

Lebanon recorded a much higher rate of software piracy than the global average with 70 percent of the software used in 2015 being pirated. The unlicensed software rate for that year came in at par with China, but lower than Indonesia, according to the Business Software Alliance.

The BSA, a Washington-based association of the world's leading software companies, reported in its recently released 2016 Global Software Survey, that, "computer users around the globe use the unlicensed software at an alarming rate, despite being well aware of the associated cyber security dangers."

The BSA warns that the cost can be high in vulnerability to cyber attacks.

Echoing Hage's words, Elie Zeidan, head of the cyber intelligence unit at Potech consulting – an IT security consultancy firm – considers that protecting a company's tech assets is easier and less costly than might be expected.

"It's a question of awareness and education, that determines how safe an individual or company wants to be," Zeidan said, "for average citizens there are hundreds of neat tips and tricks they could implement that would shield them from cyber attacks, while companies can adopt an online security system with a low-to-medium budget."

Other than offering IT and cyber security solutions, Potech Consulting focuses on educating each company it works with to understand the importance of prioritizing cybersecurity in order to keep the staff prepared and aware of future potential risks. "A company must ask itself, can it work without its system, computers, and smartphones for a day?" Zeidan added.

Where unlicensed software is in use, BSA warned, the likelihood of encountering malware dramatically goes up. And the cost of dealing with malware incidents "can be staggering." In 2015 alone, for example, cyber attacks cost businesses over $400 billion.

The BSA survey, which canvassed consumers, IT managers and enterprise PC users, shows that use of unlicensed software remains high, and "that individuals and companies are playing with fire when they use unlicensed software. This is due to the strong connection between cyber attacks and the use of unlicensed software," the BSA said in a statement.

"Companies must invest in good quality in terms of their security system, as opposed to always seeking the cheaper option which would subsequently lead to their demise," Hage noted.

There are businesses in Lebanon, however, such as the banking sector, where a premium is placed on cyber security, and IT managers closely supervise PC usage and hardware is featured without USB ports and no download ability from the Internet.

"The reason why the banking sector in Lebanon is so secure is because it relies heavily on cyber security, due to prior experiences in the past, realizing how easy it is to hack or breach anyone especially these days," Zeidan notes.

Zeidan recounts an incident where a Lebanese hospital's system was breached, and medical records, as well as private information of patients, was taken from the hospital's database and used as a form of extortion for a sum of money.

Some people have asked the government to form an online platform to directly report a breach to the authorities in the quickest way possible.

"The most practical tool to communicate with the competent authorities is by having a platform where people or companies, be them big or small sized, could report such breaches directly to the Cybercrime and Intellectual Property Bureau at the Internal Security Forces," Hage said. "This would assist in containing the damage done," Hage highlighted.

The startup sector in Lebanon is finding that cybersecurity is a top priority within any early stage company"All investors have placed a cybersecurity clause within their contracts with nearly all startups to ensure they're a more secure venture," said Hadi Abdel Nour, CEO of a startup called "Smarke", an Internet of Things (IoT) mobile applications that allows users to open doors with their smartphones.

"No matter how strong a person's security is, there is always a way to be hacked or breached and that is why most tech and IoT-based startups rely heavily on online clouds to place their information in order to benefit from the top-notch security system, (of large-corporate-based clouds)," Abdel Nour told Annahar.

"An effective and enduring way to counter these attacks is by setting up a national cyber security program which includes proactive cyber-capabilities that can help to prevent attacks, such as information sharing and continuous monitoring for elevated situational awareness,"

Most current efforts focus on the role of the government in establishing and maintaining cyber security. However, Hage notes that a national cyber security program must be integrative, "it must involve the private sector and citizen, and enlist their assistance in addressing the protection of critical digital assets and infrastructure no matter where it is within the country."

The gap between the cyber security capabilities of public- and private-sector entities in Lebanon and the MENA and the capabilities of their adversaries in cyberspace already represents a tangible risk, and it is growing daily, according to Strategy&'s report.

"To close this gap, we believe that Lebanon needs to take a strategic approach to rethink and revamp their national cyber security efforts and increase funding. Until then, tactical and technical solutions to cyber attack can serve only as stopgap measures," a source in the Cybercrime and Intellectual Property Bureau at the Internal Security Forces, told Annahar.

However, many solutions are coming into recent play; the American University of Science and Technology is integrating a Cyber Security major within its computer science and engineering curricula to graduate an effective talent pool that would improve both the public and private sector's cyber performance.

And, companies such as Universant Technology are also pitching in by collaborating with AUST to host workshops, lectures, and conferences related to cyber security.

While a survey conducted by Raytheon, a U.S.-based IT Solutions Company that specializes in defense, civil, government, and cyber security solutions, notes a forecast that the Middle East's security posture will be improved by 2018.

"It's a good sign that we're seeing more and more conferences about cyber security being done by both the public and private sector to educate businessmen, investors, youth and everyone to be more aware of the possible threats we can and will encounter, for a more secure cyberspace," Zeidan told Annahar.

An-Nahar is not responsible for the comments that users post below. We kindly ask you to keep
 this space a clean and respectful forum for discussion.