The Lebanese cybersecurity landscape

Providers and markets

Illustration by: Ivan Debs

Overall, it is not clear what the local share of the global cybersecurity market – estimated by Gardner at $81 billion in 2016 – is or might be. Estimates and anecdotal evidence suggest, however, that the local market is still small. Salah Rustum, president of local firm Commercial & Industrial Enterprises of Lebanon (CIEL) and a veteran in the data protection business here as partner with electronic signatures authentication services company GlobalSign, estimates the market at currently “around $10 million” when queried by Executive. Other decision makers in Lebanese cybersecurity consultancies and network operating companies say they prefer not to make any estimate about the current size of the cybersecurity market, citing the known dearth of reliable statistics in the country.

Beirut-based cybersecurity stakeholders also have only vague estimates on the number of qualified competitors that they face in the Lebanese market or on the number of highly skilled analysts with the required expertise to staff a Security Operations Center (SOC) – not currently existing in the country – as top-level forensic experts. General agreement, however, among stakeholders is that this specialist subsector of the information technology (IT) industry is set for substantive growth – at least double-digit year-on-year – over the coming years and that the biggest challenge is not to find new customers but to obtain qualified engineers that either already have or can obtain cybersecurity skills.

One example for this dichotomy between expected demand growth and missing manpower is Crystal Networks, a Beirut-based regional IT company of 75 employees, which according to co-founder and general manager Esper Choueiri does 40 to 45 percent of its business domestically and the remainder in the Arab region, with Saudi Arabia as the main business driver there.

Choueiri tells Executive that his company filled five new engineer positions in 2017 that were all in the security department of the venture, which has five departments. “In many cases, experienced engineers cannot be found and new engineers need to be trained in-house for cybersecurity. My biggest challenge is finding the right people, and at the same for all my customers,” he says.

In many cases, experienced engineers cannot be found and new engineers need to be trained in-house for cybersecurity

Lack of local expertise

To operate a high-grade Security Operations Center, or SOC, requires teams of engineers with three levels of expertise. Engineers need between a minimum of one year of experience to perform well on the first level and at least five years on the top level, Choueiri says. By his estimate only one fifth of needs for top-level SOC experts are currently filled in Lebanon.

Also in the view of Jens Muecke, senior partner in the roughly four-year old IT security consultancy Krypton Securities in Beirut, a shortage of local experts is holding back cybersecurity development in Lebanon. “From my opinion and what we have seen in our team, many banks and companies over here are way behind. One reason is missing expertise – it is really hard to find good people here, given the instability of [this country] and the whole region. Everyone who is acquiring the skill [of a cybersecurity expert] and a reputation for having such, is getting out of here to take up a well-paid job in Europe or the US,” he says.

German-born Muecke joined Krypton after having worked with leading consultancies and international internet and software providers in the United States. The company, which has a team of seven employees in Beirut and its nominal home in Dubai, according to him has half the major banks in Lebanon among its clients, as well as some smaller companies. Krypton does about 80 percent of its business here as its expansion in other markets such as Jordan, Cyprus, and Saudi Arabia is still in the early days. It will take a few more shocks for markets in this region to fully awaken to cybersecurity. “What I think is that this region needs a few more bad examples when things happen tragically and somebody has to pay the price before they all realize what they need,” he says.

Judging from his observations, local companies to this day tend to approach cybersecurity with the same mindset with which  in earlier years they entered in other quality certification procedures. With such a mindset, companies emphasize assurance of their compliance with regulations. After they are promised cybersecurity on the cheap, they become compliant on paper but don’t achieve the knowledge transfer that they should get, Muecke says: “They have a paper saying ‘it is compliant’ but it is not. They don’t have the process and don’t do updates regularly. They don’t evaluate all reports as they should. They live day to day and hope nothing is going to happen.”

The notion that risks extend far beyond the financial sector in also the view of Tony Feghali, general manager of Potech Consulting, based at Berytech. His security company does not have exact numbers and statistics on the extent of internet-related damages at Lebanese companies but he says that in their experience, banks are not the only targets here. “They are definitely a very interesting target because that’s where the money resides, but today we’re seeing a lot of cyberattacks – especially ransomware or other type of attacks – targeting every type of business,” he says.

Huge growth potential

The growing likelihood of being targeted does not mean that local companies radiate universal awareness of their risks. According to Choueiri, awareness levels are extremely unequal. “To be realistic the banking sector is most advanced when it comes to cybersecurity and most aware among the Lebanese enterprise sector. Any company that is not IT-related is in my personal opinion totally unaware of security risks,” he says. Along with other experts he notes that besides missing awareness, it is often difficult to assess the real number and magnitude of cyber breaches and security damages in Lebanon because of widespread reluctance of breached companies to come forward and discloses their misfortune, mostly due to fear of reputation loss.

This phenomenon, however, is global and not particular to this country or region, experts agree. The phenomenon also does not deter cybersecurity companies from expecting double-digit business growth, or better, for the next few years. Choueiri expects demand to increase between 35 and 40 percent year-on-year and has important expectations for 2017. “I have [a] feeling that this year will be the year of cybersecurity. Everybody is talking about it,” he says.

CIEL’s Rustum sees year-on-year growth as upwards of 10 percent and even believes that more is in the cards. “[Growth] will be exponential in Lebanon, because the more people know about it, the more they are going to use cybersecurity,” he says. He moreover is not worried that there could be too much competition for the market to carry but on the contrary believes that there is room for more cybersecurity players. “There is enough cheese for everybody. The idea is to stir up the people and tell them that if they want to go on the internet, they have to protect themselves,” he elaborates.

Rustum’s main worry is bringing the legal framework in Lebanon up to speed. When his business working with digital signatures was established in the 1990s, the country was praised as one of the first in the world where the technology was introduced, but thereafter it slipped every year down in rankings for technology adaptation as the draft law on digital signatures was put to rest in government drawers. “Time is really passing us by. What I am afraid of is that by the time Parliament approves the law, it is already obsolete,” he laments.     

As Executive did not find any comprehensive study on security market data in the country, it seems difficult to assess realistically, with or without legislative innovation, what chance local companies might have for rising through international ranks, whether by expertise or by business volume related to cybersecurity. However, there can be no doubt about the growing role of cybersecurity companies in global markets, which is documented by the rise and overall growing valuations of international specialist companies. The largest firms globally in the sector are based in Silicon Valley but a few are not far from our geography in physical terms (see box below).

What I think is that this region needs a few more bad examples when things happen tragically and somebody has to pay the price

Work operators see threat

Local companies that are active stakeholders in the market involve not only security consultancies but also network operators. A rising hub of cybersecurity activity seems to reside in the Holcom Group of companies where Executive encountered not only Crystal Networks but also ICT company and network operator GlobalCom, which confesses to the aim of developing its own cyber SOC in partnership with global player, British Telecom (BT). 

“We first have a duty to protect our networks and then we have a duty to help our customers protect themselves,” says Habib Torbey, GlobalCom Holding’s chief executive officer and general manager of its data carrier unit GlobalCom Data Services (GDS). Torbey tells Executive that the investment into the cyber SOC will be in the multi-million dollars. Although Lebanon by his observation so far has mainly seen attacks from small-time hackers, he reasons that the investment into a cyber SOC is warranted because attacks are getting more and more sophisticated, affecting more and more markets.

“We don’t need to wait for a disaster before we start protecting ourselves. No one in this field can fight the battle alone, and in the same way that pirates are cooperating to make their attacks more sophisticated and more successful, the good guys need to cooperate,” he reasons, explaining that GlobalCom partnered in this task with BT because there is a long-standing collaboration between the companies since the 1990s and because BT “is one of the best in cyberdefense.”

According to Torbey, GlobalCom has a network that comprises backbones and over 150 sites; it carries 70 percent of corporate traffic in Lebanon through GDS. The holding also entails the Internet Services Providers IDM and Cyberia. According to BT representatives who came to Beirut for an event last month, Lebanon is regarded as one of several priority countries in Middle Eastern new markets. The multinational company  has started to address the local cybersecurity market in 2016 in partnership with GlobalCom and wants to serve the country’s 20 to 30 largest entities with cybersecurity services.   

Outsourcing security

Outsourcing cybersecurity to specialist companies would be legally feasible for local banks, although compliance with banking secrecy laws requires that they would use a cyber SOC that is located in Lebanon, asserts Torbey. “Some customers who do not understand how cybersecurity works may have a tendency to think that we can see the content of their traffic and their trade secrets. No, we don’t look at the content and we don’t want to look at the content. We just want to look at the technical specs of the traffic in order to see if there is an attack or not and how to defend against it if there is an attack,” he explains.

While operation of a cyber SOC will require running investments, Torbey says this is a necessary cost and expresses the hope to additionally turn it into revenue opportunity by selling its services. Coming from a low base in cybersecurity revenues, he expects double-digit growth of revenues and is not afraid that cyberattacks would create digital disasters for operators who know what they are up against in facing cybercrime. He says, “Once you become aware of the risk and help your customer become aware of the risk, the future is not scary. You can do something about it.”

Thomas Schellen

Thomas Schellen is Executive's editor-at-large. He has been reporting on Middle Eastern business and economy for over 20 years.

2 Comments

*

Top