Exploring Cybersecurity Ecosystem in the Middle East: Towards an SME Recommender System
Keywords: Cybersecurity, network, cloud, endpoints, framework, vendor, SME/SMB, IT awareness, IT security
Cybersecurity is described as the protection of data resources by treating threats that jeopardize data. Enterprises must manage cybersecurity risks so that the security and resilience of their assets may be improved. Cyber-attacks on Small and Medium Enterprises (SMEs) are rising. However, SMEs often lack effective strategies to prevent threats such as malware, phishing, denial of service (DoS), and others. Their weak defense systems are often an attractive avenue for hackers to explore loopholes. There is a lack of cybersecurity initiatives in SMEs, and several past attacks have exposed the weak systems. This paper first investigates the current state of cybersecurity in the context of Middle East SMEs. A survey of SMEs in the Middle East (cybersecurity space) helped to understand the existing scenario, the actual requirements, and the challenges SMEs face. The research then explores the need for SMEs to choose an appropriate security solution that caters to their business needs. By reviewing the existing standards and pointers in different parts of the world, this research proposes a cybersecurity recommender system for SMEs in the Middle East. One of the survey findings reveals that most SMEs require adequate cybersecurity awareness, followed by an evaluation of the organization’s preventive capabilities. The dearth of information available online and IT consultants’ conflicting guidance usually create an information overload when deciding on a neutral solution to address their needs. The recommender system attempts to structure the available information as a framework for deciding on a cybersecurity solution for SMEs.