LONDON: Cybersecurity looks like becoming the big theme of this year, and maybe for many years to come.
In a survey in January by the World Economic Forum, the threat of cyberattack was mentioned as one of the most serious global threats by business leaders; in the Middle East it was an especially worrying concern, second only to the oil price as a perceived risk.
For Karim Sabbagh, that is both a worry and a business opportunity. “The impact on economies and societies is huge. One of the challenges we have as captains of industry and as citizens is that we’re fascinated by the ability we have to digitize things in our day-to-day lives. But the sad part is that for every dollar we spend on new digital enablement, we’re not spending enough on cybersecurity,” he said last week on the sidelines of the IDEX defense exhibition in Abu Dhabi.
Sabbagh is CEO of DarkMatter, the Middle East’s home-grown digital security firm. Amid the guns, tanks and desert camouflage gear at IDEX, he explained to Arab News why we should all be taking the threat of cyberattack much more seriously, and spending a lot more money to defend against it.
“I can show you a demonstration in our booth. I can interfere with your transport network, your airport operations or your power grid. All these things aren’t fiction, they’re all for real,” he said against a backdrop of simulated warfare displays in the UAE’s big defense show.
“The people with bad intent will continue to evolve their techniques and their approaches. So the question isn’t how do I completely eliminate the known risks, but how can I prepare for threats in the future.”
The “people with bad intent” are enemy governments, industrial spies, ransom seekers, or people who “subscribe to a cause,” he said.
“From what we’ve seen … state-led attacks were the most prevalent. In private organizations, it was more about accessing data and using that data for your own commercial benefit,” he added, leaving the distinct impression he knew far more than he was willing to say publicly.
DarkMatter has been in business since 2015, the brainchild of Faisal Al-Bannai, the Emirati entrepreneur probably best known for the Axiom chain of telecom stores he has made into one of the best-known names in Middle East retail.
“He’s the single shareholder, and what he does is quite unique,” Sabbagh said. “Faisal is an entrepreneur, very driven and very passionate, with all the traits you’d like to see from entrepreneurs. He likes to see things through, and has a very long-term view.”
Sabbagh became CEO of the company last year after a stint with SES, a Luxembourg-based firm that provides satellite communications services to the US and other Western governments.
Before that, Lebanon-born Sabbagh worked for many years in the UAE and Saudi Arabia as a partner at management consulting firm Booz & Co., specializing in telecommunications and media.
He takes a broad view of the digital communications business in the five business sectors DarkMatter serves.
“How do I come up with technologies, devices and applications that can give me peace of mind that communication on these devices is secure? As we were doing work on those things, we also started engagement in areas concerning digital transformation, and questions about how the government provides new services that are digitized to all its citizens and residents,” he said.
A key part of DarkMatter’s work is the interaction of humans with technology. Sabbagh cites a recent cyber-attack in Singapore, in which the country’s medical records were accessed and compromised.
After a lengthy audit, the authorities discovered there were two main reasons. One was that on the network there were patches and fixes that weren’t done. So there was something that belonged to the realm of known vulnerability that wasn’t attended to,” he said.
“The second one was human capital. Through human intervention that attack was enabled, not by design but by accident. It boils down to technology and humans, the story of humanity since we invented fire.”
Why is the threat of cyberattack so high up the list of concerns for the Middle East? Sabbagh examined this in a work he co-authored in 2008 entitled “Oasis Economies,” which examined the social tensions created in traditional Arab societies going through the modernization process. He feels the lessons then still apply today.
“My conclusion is that as you try to liberalize economies but try to preserve the social safety net, as you try to liberalize the way people go about their daily lives while preserving the culture, you’re constantly trying to manage these tensions,” he said.
Highly digitized and progressive Arab youths live side by side with more conservative forces, he added.
Smart nations and smart business can’t be truly smart unless they secure their communications.
Karim Sabbagh, DarkMatter CEO
“In one family, even one household, you move from a very traditional way of living to the kids being astrophysicists, building probes to land on the moon. I’m not exaggerating,” he said.
“We have a highly digitized young population, not like the ageing populations of the West. These digital tools are available to them and they can be very productive, but if used inadequately they can be very harmful. So it doesn’t surprise me that the awareness around cyber threats in the region is very pronounced, and rightly so.”
These issues are especially pronounced in Saudi Arabia, which is going through the rapid transformational process of its Vision 2030 reform plan.
The modernization strategy involves the creation of a series of hi-tech hubs such as NEOM, the $500 billion megaproject involving a highly automated conurbation in the Kingdom’s northwest.
“In the old world, the industrial technology and the information technology operated in two different environments, but today there’s a big intersection between them,” Sabbagh said.
“The bigger the intersection the more efficient these businesses are, but the downside is that there’s a bigger attack surface from a cybersecurity standpoint. So the more countries such as Saudi Arabia advance their digitization processes, the more advanced they’ll become, but the downside is that the attack surface expands.”
The solution, he believes, is “defense, defense, defense” against cyberattack. “The best attack is defense,” he added.
MS in Technology Management from Columbia University
DBA (Doctorate) in International Business Management from the International School of Management (Paris)
MBA and BBA from the American University of Beirut
American Century University, New Mexico, US
Regional director for strategy, Leo Burnett Middle East
Senior vice president, Booz & Co.
Expansion of DarkMatter into Saudi Arabia is one of the priorities for later this year, moving the firm outside its UAE base and complementing existing business centers in Canada, Finland and India. “Saudi Arabia is probably one of the markets we’ll look at very closely,” he said.
One line of defense Sabbagh unveiled at IDEX was the new version of DarkMatter’s successful Katim phone, an ultra-secure and virtually indestructible mobile device that the firm is aiming at the defense, energy and government sectors.
The first version of the device was a big commercial success, but the second is designed to operate in even more hostile environments, with the promise of total data security.
“It’s designed to military standards in terms of ruggedness. Our engineers ran over it in a truck, and I wasn’t amused until they showed me a video of the phone working afterward,” he said.
“You can immerse it in water for 30 minutes and it still works. If the phone detects any attempt to try to interfere with it, either physically or via software, the data stored on it will automatically self-destruct. It’s a leap forward for us,” he added, emphasizing the “quantum resistant crypto protocols” that DarkMatter uses.
What do governments, always protective of data security, think of the new device? “The government is one of the users, as well as businesses where you have critical infrastructure being deployed,” he said.
Sabbagh summed up DarkMatter’s essential business philosophy: “Smart nations and smart business can’t be truly smart unless they can secure their communications. If they aren’t secure I can access their communications, hack them and interrupt their operations. People can give me all the smart slogans they want, but if I can hack you and interrupt your information, that’s not a very smart proposition.”