Last January, after online criminals unleashed a wave of attacks on a single UAE bank, a California-based IT security company declared that the Emirates had "made its debut" as a preferred destination for hackers.
In geek-speak? Phishing season was open in the UAE.
Online criminals and state-sanctioned hackers have traditionally taken aim at larger countries with more secrets and a greater selection of targets - like the US, the UK and China. But in the world of online vulnerabilities, the playing field is levelling out.
As The National's business columnist Tony Glover wrote yesterday, companies in the UAE are increasing more likely to be hacked than firms in the US. Cyber-security firms have a vested interest in warning of this threat (and selling solutions), but there is growing cause for concern.
For a nation relying on everything from information technology to aerospace solutions, vulnerabilities like these can have a significant effect on profits. One estimate puts the average annual loss due to cyber theft at $2 million (Dh7.3 million) for large enterprises in the UAE.
Debuting on a top-15 list of countries vulnerable to online crime can be a powerful disincentive to business. But it does present an opportunity to build more aggressive prevention strategies.
This is where companies can take the lead. Because the largest source of malware and infectious code comes from external devices such as USB drives, educating employees on safe practices is the first step. More important though is building IT networks that allow for rapid analysis of data loss and real-time monitoring. In this regard, close coordination with other organisations is key.
The problem is that most firms wait until they are compromised to respond. In a white paper, the UAE telecommunications firm du noted that IT security staff in the UAE "only become aware of a specific security vulnerability once the consequences of the breach become visible".
To its credit, the government has taken a lead in legislating solutions, but a more aggressive and coordinated public-private partnership is in order. Private companies and regulatory agencies cannot operate in isolation from each other. To protect the country's banks and bourses, corner shops and research centres, the battle against cyber crime needs a collective - and immediate - solution.