Doing Business in UAE
Jay Krishnan, Partner
UAE is one of the most promising and stable countries in the Arab world that has experienced substantial expansion over the last few years. The current status the UAE enjoys today as a leading commercial and trading hub is the result of years of hard work and dedication and its willingness to adopt innovative technologies.
The government has been implementing various strategies to promote technologies such as artificial intelligence and blockchain, that helps shape the future and society. The massive investments UAE has made in these fields prove the country’s appetite for digital transformation. According to reports, AI is estimated to contribute $9.6 billion to the UAE economy by 2030— nearly 13.6 per cent of its Gross Domestic Product (GDP).
UAE spreads over an area of 83,000 sq km, along the south-eastern tip of the Arabian Peninsula. Abu Dhabi, the federal capital of UAE, also happens to be the largest emirate, accounting for 87 percent of UAE’s total area.
The contrasting landscapes of UAE is a feast for the eyes, be it the sandy deserts, giant dunes, spectacular oases or the awe-inspiring mountains.
The size of the country might be small, but when it comes to regional and international affairs, UAE’s role is noteworthy.
There has been a notable increase in the population of the country over the past few years; from 4.1 million in 2005 to roughly 9.5 million in 2018.
Out of the 22 countries in the Middle East, UAE has the most diverse population. The country’s rapid growth in various economic sectors and the high standard of living has been luring expatriates from every part of the world to UAE. Expatriate workers form the majority of the population (88.5%) and UAE citizens form the minority (11.5%). The largest group of non-UAE nationals are South Asians, Egyptians and Filipinos.
The operations of the UAE government are distributed between the federal government and the local governments of each emirate. The Cabinet of the United Arab Emirates is the chief executive body of the country and it consists of Prime Minister, two deputy prime ministers, the ministers of the UAE, and an active General Secretariat.
According to convention, the ruler of Abu Dhabi is the President of the UAE and the ruler of Dubai is the Prime Minister of the UAE.
The UAE gives great importance to personal relationships and mutual trust, while conducting businesses. Emirati people usually prefer to conduct business with familiar people; hence having someone introduce you will prove to be beneficial in your business relationship.
The working week in UAE starts on Sunday and the official weekend is on Friday and Saturday. Some smaller private companies close only on Friday.
Government offices open at 7.30 a.m. and close at 3.00 p.m. Private offices function for longer duration and either adopt straight shift or split shift.
The country has issued a number of laws related to the economy, trade and investment since its formation in 1971. There are many local laws pertaining to alcohol consumption, dressing, public displays of affection, etc. in the UAE. Expats should be aware of these as ignorance of the law will not be considered or accepted as an excuse in court and breaking the law will get you into legal trouble.
Some of the major laws are Commercial Companies Law, bankruptcy law, labor law, Anti-Money Laundering law and tax laws.
UAE is one of the fastest growing economies in the world and the second largest in the Arab world. GDP of the economy which stood at $382.58 Billion in 2017 is projected to trend around $425.00 Billion by the year 2020. The economy of UAE has grown by nearly 231 times, since its independence in 1971.
“UAE is the best example how visionary leaders can transform a country. UAE transformed to a world class investment destination by moving away from its early dependence on natural resources like Oil and Gas. The government’s bold decision to welcome foreign investments in property, tourism and technology lead to an unprecedented growth in UAE economy. HLB HAMT was fortunate to witness and serve the business environment in UAE in the form of consultancy and various other forms of professional services, in line with the vision of the rulers of the UAE’, says Mr. John Varghese, Founder and Managing Partner of HLB HAMT.
The UAE government is continuously adopting forward-looking changes to make the environment even more stable and sustainable for the expat population to thrive in this country.
There are numerous factors that have helped in uplifting UAE’s position as a significant regional and international business player;
UAE is strategically located at the crossroads of Asia, Europe, Africa and the CIS countries and it offers ready access to clients and customers in the neighboring regions.
Efficient trade policy
The UAE has a liberal trade system as it follows an exports diversification policy, wherein the country exports a wide variety of products and does not rely on a single commodity.
UAE has trade agreements with numerous countries which includes partner countries in the GCC as well. The country has been a member of World Trade Organization since 10 April 1996 and a member of General Agreement on Tariffs and Trade since 8 March 1994.
Favorable government policies
The UAE has a business-friendly environment and world class infrastructure, which is evident from the increase in the number of international companies establishing their base in the country.
The UAE pursues a strategy of diversification and sees to it that an optimal balance is maintained between various sectors. Even though oil production is the biggest source of revenue, in 2015, only 30 percent of UAE’s GDP came from oil production, the rest 70 came from non-oil sectors such as media, telecom, tourism, manufacturing and commercial aviation. UAE has bagged the first spot among the Arab countries and 11th globally, in the World Bank’s Ease of Doing Business 2019 report.The country’s reforms related to ease of starting business, getting electricity, registering real estate and gaining access to credit, have helped it climb 10 spots. Overall, the UAE is far ahead of its GCC peers in global ranking.
UAE has been luring investors from across the globe with its attractive features, that are:
Flexibility to do business in any part of the country
Less restrictions on the number of visas
More business activities available for licensing
No business or personal taxes
In UAE, a company can be formed in any of the following three jurisdictions:
A mainland company is an onshore company licensed by the Department of Economic Development (DED) of the related emirate. The companies registered in the UAE mainland can do business in the local market as well as outside UAE without any restriction.
Free zones are areas that have a special tax, customs and imports regime and are governed by their own framework of regulations.
An offshore company is a legal business entity that operates outside its registered jurisdiction for the purpose of legally minimizing tax payment.
COMPLETE FOREIGN OWNERSHIP
Non-UAE nationals seeking to establish an entity in UAE mainland need to team up with a UAE national:
In case of a Limited Liability Company (L.L.C) with commercial activities, the UAE national will own 51 percent of shares and the non-UAE national will own the remaining 49 percent shares.
But of late, the UAE government has announced a new law that will permit complete foreign ownership in certain sectors selected by the government. Foreign investors can get complete control over 122 economic activities across 13 sectors.
The sectors include renewable energy, space, agriculture, manufacturing, transport, storage and many more. The production of solar panels, power transformers, green technology, and hybrid power plant, e-commerce transport, supply chain, logistics, and cold storage for pharmaceutical products are some of the activities included in the project.
Other areas of ownership by foreign investors include hospitality and food services, information and communications, professional, scientific and technical activities, administrative services, support services, educational activities, healthcare, art and entertainment, and construction.
The new law does not apply to free zones and offshores where 100% foreign ownership is already permitted.
In case of any other entity (primarily meant for all Companies with professional category licenses), the UAE nationals will be acting as a Local Service Agent (LSA), wherein the shares of the company will be fully owned by the ex-patriate shareholder and the UAE national will act as an agent for local contact purpose. However, all the business responsibilities and risks will be vested with the expatriate shareholder.
To conduct any form of business in the UAE, one must acquire a trade license. The UAE economic department is the liaising authority that issues trade licenses and the procedures of licensing vary from one emirate to another. Licenses in UAE can be divided into three;
Commercial licenses covering all kinds of trading activity
Professional licenses covering professions, services, craftsmen and artisans
Industrial licenses for establishing industrial or manufacturing activity
Carrying out business without a trade license is illegal in UAE and is subject to penalties. In addition, the license needs to be renewed every year.
The Dubai Economy had come up with an instant license service that aims to facilitate the issuance of trade licenses in Dubai in 5 minutes! You don’t have to register a trade name, legal contract or even a rent contract; businesses can be started instantly.
There is no standard price for setting up business in UAE as it depends on many factors such as;
Business activity of the firm
The jurisdiction where the company is established
Approvals and certifications
Office space and visa requirements
SETTING UP BUSINESS IN MAINLAND
Selecting the type of business/commercial activity is the primary step while setting up business. Business types are categorized into-
Limited Liability Company (LLC)
A limited liability company (LLC) can be formed by a minimum of two and a maxi¬mum of 50 persons whose liability is limited to their shares in the company’s capital. Such companies are recognized as offering a suitable structure for organizations interested in developing a long-term relationship in the local market.
LLCs can engage in any industrial, commercial, professional and tourism business.
Joint venture company
A joint venture is a contractual agreement between a foreign party and a local party licensed to engage in the desired activity. The local equity participation in the joint venture must be at least 51%, but the profit and loss distribution can be prescribed. There is no need to license the joint venture or publish the agreement. The foreign partner deals with third parties under the name of the local partner who – unless the agreement is publicized – bears all liability. In practice, joint ventures are seen as offering a suitable structure for companies working together on specific projects.
Public and Private Joint Stock Company
In a joint stock company, the capital is divided into negotiable shares of equal value, wherein each shareholder is only liable for the company’s financial obligations to the extent of their share in the capital.
A Private joint stock company can conduct only commercial and industrial activities whereas public joint stock companies can practice industrial, commercial and professional business activities.
Qualified professionals in specialist sectors, that include doctors, accountants, lawyers, consultants, engineers, etc can form a civil company in UAE. These companies should be established as partnerships with the business owners who have professional qualifications in their field of expertise. A local agent is mandatory to start a civil company in the UAE.
Branch of a local or GCC company
A branch of a local or GCC company can be involved in activities that are included in the license of the parent company.
Branch of a Foreign and free zone Company
A branch office, legally regarded as part of its parent company, is a full-fledged business, permitted to conduct activities as specified in its license. A branch office can engage in activities similar to those of its parent company, but it is not permitted to carry on the business of importing the products of its parent company. The name and activity of the branch office will be same as that of the parent company. A branch office can conduct commercial, industrial and professional activities that are authorized on the mainland. Branch offices need to register through the Ministry of Economy.
A sole establishment is a legal entity exclusively owned by one individual. He/she will be responsible for all financial responsibilities and liabilities.
In the case of expats, sole establishments are allowed only for practicing professional services, such as management, medical, engineering and IT consultancies (under a civil company).
Benefits of setting up business on Mainland
Can trade with other businesses on the mainland
Greater scope of business activities
Can work with UAE governmental bodies
Can open an office anywhere in the UAE
FREE ZONES IN UAE
The UAE has been excelling economically over the last few decades and the lion’s share of the credit goes to free zones! Free zones in the country are undoubtedly, the strongest pillars of UAE’s robust economy. They have been fruitful in attracting remarkable amount of foreign investment, generating thousands of jobs and facilitating technology transfer into the country. More than half of UAE’s non-oil exports can be attributed to the 50 plus free zones in the country.
Dubai alone is home to more than 30 free zones, contributing significantly to the economy of the city.
Companies operating in the free zones are treated as being outside the UAE for legal purposes. The free zones are suitable for companies intending to use UAE as a regional manufacturing or distribution base, with the bulk of their business outside the UAE.
Legal entities in free zones
In a free zone, you can set up two types of companies; Free Zone Establishment (FZE) and Free Zone Limited Liability Company (FZ LLC). FZE is a single shareholder limited liability company, whereas FZC allows multiple shareholding (maximum 5). Companies can also establish a branch, a representative office or a subsidiary company of their existing or parent company.
An independent free zone authority governs each free zone and is the agency responsible for issuing free zone operating licenses and assisting companies with establishing their business in the zones. A free zone firm is governed by the rules and regulations of the free zone in which it is established.
Free Zone Advantages
The major benefits of establishing your company in a free zone are,
100% foreign ownership
100% direct tax free
100% repatriation of profit and capital
No corporate, withholding and inheritance taxes
No personal income taxes
No currency restrictions
Availability of skilled and experienced workforce
Efficient recruitment procedures
Highly developed infrastructure
High level of administrative support
Modern and efficient communication system
NOTABLE FREE ZONES
Jebel Ali Free Zone (JAFZA)
The oldest free zone in UAE, JAFZA, acts as a hub for the world’s biggest shipping companies. JAFZA’s total trade volume stood at a whopping amount of $83 billion in the year 2017.
Dubai Multi Commodities Centre (DMCC)
DMCC, which is home to a vibrant community, innovative infrastructure and world-class services, provides easy access to the world’s key commodities markets.
Dubai Airport Free Zone (DAFZA)
Located adjacent to Dubai International Airport, DAFZA is one of the fastest growing airports in the world. Rapid clearance and processing of paperwork at DAFZA maximizes business activity and efficiency.
Ajman Free Zone
Ajman Free Zone, located at the entrance to the Persian Gulf, is well positioned to serve eastern and western markets. Ajman is only a few minutes’ drive away from Sharjah and Dubai and it provides easy accessibility to the two international airports and four ports.
RAK Free Zone
RAK free zone is home to more than 13,000 multinational companies from over 100 countries, representing above 50 sectors.
Abu Dhabi Airport Free Zone
The strategic location of the free zone coupled with excellent infrastructure and multiple facilities makes ADAFZ one of the most preferred locations to start an enterprise.
SAIF Zone is the world’s first ISO certified Airport Free zone and the only Emirate with seaports on the East and West coasts. It showers immense benefits on companies involved in aviation business, airport and related infrastructure and companies that carry out trading of perishable products.
Dubai International Financial Centre (DIFC)
A leading financial centre in the Middle East, Africa and South Asia region, DIFC houses more than 2000 active registered companies with a combined workforce of almost 30,000 people. The areas of business within the centre include banking, professional services, global corporations, insurance and wealth management.
Abu Dhabi Global Market (ADGM)
ADGM is an international financial centre that acts as a key pillar of Abu Dhabi’s Economic Vision. The free zone provides a wide spectrum of services such as banking, insurance, wealth management, asset management and capital market activities.
Certain free zones in the UAE offer dual licenses, that allows free zone companies to expand their operations and have a wider outreach in the UAE market.
The business-accommodating laws, easier labour and immigration procedures and tax structures make these free zones one of the most sought-after business locations in UAE.
There are numerous reasons that encourage people to set up their business offshore and tax advantages, confidentiality and minimal bureaucracy, are just a few. Going offshore has become a trend in many countries, and UAE is no exception. According to sources, the UAE is among the top 10 countries in the world that hold the highest offshore wealth.
An offshore company is a business entity that is formulated in a low-tax or no-tax jurisdiction for the purpose of legally minimizing the tax payment and improving the investor ‘s wealth management. Primarily one would open an offshore company to gain confidentiality over one’s financial affairs and grow wealth without intrusion.
Offshore companies can eliminate or minimize many types of tax payments such as on capital gains, profits on business earnings and property sales. An offshore company legitimately assists in gaining confidentiality over the investors’ financial affairs.
An offshore company set-up offers numerous benefits to its investors; the major ones are-
Tax saving or deferral
A more favorable business climate
No restrictions on the remittance of profits and capital
Security of property rights
Notable Offshore Jurisdictions
JAFZA Offshore, Dubai
These offshore entities may act as an individual and have all the capabilities and privileges of a natural person
A Registered Agent (legal firms, auditors, consultants) is required to be appointed by the Company from the approved list of Registered Agents
There is a general prohibition on offshore companies from conducting business within UAE
Financial activities like business in banking, insurance or reinsurance are restricted. The Company name must end with the word ‘ Limited’ or ‘ Incorporated’
An offshore company can hold shares in both offshore and onshore companies in UAE
An offshore company can hold a bank account in the UAE for conduct¬ing routine operational transactions
An offshore company cannot hire office space and cannot apply for residential visas.
Directors are mandatory for any type of business setup and their numbers vary from one jurisdiction to another. Moreover, every free zone and offshore authority will have their set of rules and regulations which will affect the role and number of directors.
Recently, the UAE government has come up with various new initiatives that aim to make the country an investor-friendly destination. The Golden card, which gives you the permission to stay in the country for a period of 10 years, is one among them.
Eligibility for a long term (10-year) visa without a sponsor
Investors who have public investments of at least AED 10 million are eligible for the long-term residency visa, provided that the investment falls in any of the below forms;
A deposit of minimum AED 10 million in an investment fund inside UAE.
Investing a capital of not less than AED 10 million in establishing a company in the country.
Partnership with an existing or a new company with minimum share value of AED10 million.
A total investment of minimum AED 10 million in all areas stated, provided that the investment in sectors except real estate is more than 60 per cent of the total investment.
The second category of individuals who can apply for long term residency visa are the ones with specialized talents, which include talents and researchers in the fields of science and knowledge such as doctors, specialists, scientists, inventors, as well as creative individuals in the field of culture and art.
Executives with a salary of Dh30,000 or more can also apply for the visa, on the condition that the applicant should have at least a bachelor’s degree or its equivalent and five years of work experience. A valid employment contract is also mandatory.
Eligibility for a 5-year visa without a sponsor
Individuals who have invested in a property in the UAE, entrepreneurs and outstanding students can apply for a 5-year visa without a sponsor. The gross value of the property in which the person has invested should not be less than AED 5 million and it must be retained for a minimum three years.
Long-term residency visa will not only benefit investors and specialized talents, it will also add value to the economy of the country.
The UAE Cabinet has also amended provisions related to the resolution on family sponsorship of foreign workers. Contrary to the previous rule that allowed only workers doing certain jobs to sponsor their families, the new rule keeps income as a criterion. This means expats can live with their families in the UAE irrespective of their profession.
The UAE cabinet’s recent decision to abolish mandatory bank guarantee for labour recruitment and replace it with a low-cost insurance system, has also been welcomed whole-heartedly by companies and individuals alike.
Latest amendments by the government doesn’t end here; it extends to widows, divorcees and their kids as well, who has the option to apply for a one-year residency visa without a sponsor.
Another change in policy comes with respect to transit passengers. They can stay in the country for 48 hours with a free visa and they can extend their stay for another 48 hours, by paying 50 Dirhams.
UAE has been witnessing high growth in the number of foreign companies being registered here. The expat-friendly initiatives by the government are one of the primary reasons behind the growth. Along with this, initiatives such as Expo 2020, that has the potential to connect companies across the globe, has also helped elevate UAE’s position as a top-notch investment hub.
“The UAE is one among the most competitive nations in the world. The aim of the country is to remain a top destination for ease of doing business, through an agile economy based on flexibility and openness”, says Mr. Jay Krishnan, Partner at HLB HAMT.
Get in touch
Whatever your question our team will point you in the right directionStart the conversation
Sign up for HLB HAMT insights newsletters
A Study on Cyber Attacks and Security
It takes decades to build reputation and few minutes of cyber security negligence to ruin it
Vimal Ramachandran, Director
When a business is at the peak of success and when you feel nothing can go wrong, you become the target of hackers and the business comes tumbling down like a house of cards. Or as in other cases, your company might be already on a decline phase, not being able to survive the tough competition in the market and to add fuel to the flame, you get attacked.
Yahoo is one such victim of a massive cyber-attack. All three billion accounts of Yahoo were affected by several security breaches in 2013 and 2014; but it took Yahoo two years to disclose the breach. Email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords of millions of users were stolen and the incident remains one of the biggest data breaches in history.
The cyber breaches resulted in a huge loss for the company and they had to agree for a settlement package, that required it to pay a $50 million settlement to roughly 200 million people affected by the email service’s 2013 data breach. Yahoo’s UK wing was fined £250,000 by the UK Information Commissioner’s Office (ICO), for the 2014 breach.
The data breach adversely affected Verizon’s acquisition of Yahoo. The sale which was announced with a $4.8 billion price tag, was later on revised with a discount of $350 million, following the disclosure of cyber-attacks.
According to experts, Yahoo had ample opportunity to implement appropriate measures, and potentially stop customers’ data being compromised. But they failed to do so.
The world of cyber crime is vaster than ever and cyber attacks have become more of a sensitive issue, with companies losing not just their data, but money and fame as well.
The issue has become so crucial that companies, irrespective of the size and reputation, remains at the mercy of hackers. Cyber attacks hit businesses almost every day. According to former Cisco CEO John Chambers, “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”
Your data might be safeguarded with multiple layers of advanced security; but do not turn a blind eye to the fact that hackers are skilled masterminds. A small vulnerability in your computer system’s defences is all it takes a hacker to exploit it. They will find flaws in the code of a website and insert their own code and then bypass security or authentication processes.
Negligent employees are one of the primary causes of cyber security breaches at SMBs. Choosing an easy-to-guess password or not changing the default password on something like a router, makes the job of a hackers easier and hassle-free.
Phishing, an oldest form of cyber-attack, still remains the most widespread and dangerous. With phishing messages and techniques becoming increasingly sophisticated, even technical users find it extremely difficult to recognize it. The method involves extracting personal information under false pretences. A hacker will send you an email asking you to change your password. The mail might look so genuine and professional that you might actually end up changing your password, without giving it a second thought. This is what happened in the run-up to the 2016 US election.
Russian hackers were on constant strive to get into major US institutions, including the White House and the state department. Their method was as simple as sending thousands of phishing mails, in the hope that at least one person will click on it. John Podesta, the chairman of Hillary Clinton’s campaign, fell prey to the tactics of the hackers. When he received the mail, he forwarded it to his chief of staff, who then sent it to the campaign’s IT team. Things took a U turn from here. The IT team mistakenly identified the email phishing for Podesta’s password as genuine and directed him to change his password. This resulted in Moscow accessing about 60,000 of Podesta’s emails. The hackers also breached the Democratic National Committee (DNC). The hackers didn’t have to rack their brains in this case, they rather played it smart.
Another common method of attack is a Distributed Denial of Service (DDoS), where a system is crashed by sending large amounts of traffic. In such incidents, users won’t be able to access the service, which results in revenue loss for the organization. If the service is essential, like in the case of a healthcare company, the consequences will be more than unpleasant. DDoS attacks have become bigger and devastating than ever before. A Cisco report reveals that the number of DD0S attacks exceeding 1 gigabit per second of traffic will rise to 3.1 million by 2021.
The attack on GitHub in 2018, which lead the development platform to struggle with intermittent outages for a brief period, is regarded as one of the world’s largest DDoS attacks. GitHub had to rely on its DDoS mitigation service, Akamai Prolexic, for support following the attack. Prolexic took over as an intermediary and steered all the traffic coming into and out of GitHub and sent the data via its scrubbing centers to remove and block malicious packets. After eight minutes, the attack was dropped off.
Hacking takes various forms and malware attack is one among them. There has been an alarming growth in the number of malware attacks in the last couple of years; nearly 9.32 billion malware attacks were identified in the year 2017. You would have absent-mindedly clicked on a link to download a file, or opened an attachment that may look harmless, unaware of the hidden danger. The malware then takes control of your system, monitors your actions and sends confidential data from your computer to the attacker’s home base, without your knowledge.
Viruses, worms, Trojan horses and ransomware have the capability to wreak havoc across business, government and personal computers. The 2017 WannaCry incident, dubbed as the biggest malware attack in history, infected 230,000 computers across 150 countries. WannaCry is a ransomware that functions like a network worm and spreads rapidly across a number of computer networks. After attacking a system, it encrypts files on the PC’s hard drive and hence, users won’t be able to access it. Decrypting the files will require you to pay a ransom amount in bitcoin.
A security vulnerability in older versions of Windows paved way for the attack. National Health Service was the main victim of the attack, with 70,000 devices hit, that included computers, MRI scanners and blood storage refrigerators.
If it wouldn’t have been for, Marcus Hutchins, a British web security researcher, who stumbled on a kill switch by registering a domain name found in the code, the outcome of such an attack would have been much more horrendous. But, even before that, $130,000 had to be paid in ransom!
According to FBI reports, number of ransomware attacks exceeds 4,000 per day, and 230,000 new malware samples are produced daily(as per other research agencies).
Not content with the current pattern of ransomware attacks, cybercriminals moved one step further by offering Ransomware-as-a-service, wherein they write ransomware code and sell or rent it to others. Even if a person is new to the world of cyber-attack or even if they lack the technical knowledge of how to create ransomware, they can launch attacks without much difficulty with this subscription-based malicious model.
Cyber-attacks are growing significantly, so are the victims. A survey conducted by Symantec, which involved interviewing 20,000 people across 24 countries, revealed that 69% of them were prone to some form of cyber-attack. On an average, 14 adults become the victim of a cyber-attack every second. The data gives us an insight about the seriousness of the issue. We know the method and frequency of cyber-attacks, but what is the motive behind these attack? Is money the only concern?
There are several possibilities that force people to commit such atrocious crimes. They might be young hackers who just want to show-off to their friends, organised cyber-criminal organisations who might be behind money or criminals aimed at political manipulation. A data from Radware, depicts the reasons behind why hackers hack:
• Ransom (41%)
• Insider threat (27%)
• Political (26%)
• Competition (26%)
• Cyberwar (24%)
• Angry user (20%)
• Motive unknown (11%)
Hacking for fun can be better explained with the example of Jonathan Jones, the first juvenile sentenced to serve term for computer hacking. James entered the hackers’ hall of fame, by hacking into NASA and Defense Department computers. He accessed the Marshall Space Flight Center in Huntsville, Alabama, and downloaded the proprietary environmental control software for the International Space Station, that controlled the temperature and humidity in the station’s living space.
While the above incident might sound like an immature teenager’s fun activity that went horribly wrong, some adults attack system for their personal gains. Kevin Lee Poulsen, an American former black-hat hacker, hacked into a Los Angeles radio station and blocked all the incoming calls. He took the extreme step to win a Porsche in a competition by the radio station, that was offered to the 102nd caller.
The rise in internet users has led to a significant growth in cyber-attacks. But that does not mean that the process is new; it’s history can be traced back to centuries. France was hit by the world’s first cyber-attack nearly two centuries ago. A national medical telegraph system that was created in the 1790s was attacked by a pair of bankers in 1834 to get a trading advantage in the bond market.
One of the first computer worms distributed via the Internet was the Morris worm or Internet worm of November 2, 1988. A graduate student at Cornell University unleashed a maliciously clever program on the Internet which soon started to propagate at an alarming speed. 6,000 of the approximately 60,000 computers that were then connected to the Internet were hit within a span of 24 hours. Files were not damaged or destroyed, but the impact of the attack was extremely powerful and emails were delayed for days. Some institutions had to stop using the internet for days. It was then that the world realized how important and vulnerable computers had become. Cyber security became a serious concern which was evident from the creation of country’s first computer emergency response team in Pittsburgh, just days following the attack. The incident served as a wake-up-call for everyone across the globe.
The viruses and worms that attacked networks in the olden days has transitioned to something more powerful and challenging in the current era.
Cyber attacks can be categorized into five generations, with the first generation beginning in the 1980s. The process involved transferring files between stand-alone PCS using floppy disks. The attack by Elk Cloner, one of the first known microcomputer viruses, falls in this category. The virus which was developed by a 15-year-old high school student, originally as a joke, attached itself to the Apple II operating system and spread by floppy disk.
In the mid-1990s internet started to become popular and it soon gave rise to the second generation of cyber-attacks. Compared to the first-generation viruses, much more malicious type of super-fast spreading worms took over that resulted in loss worth millions. Companies had to install firewall that helped in tackling the problem to a certain extend.
With the third generation came the demands for remuneration and cyber attacks became more of a business, contrary to the previous generations that were more prank-oriented. Hackers started to exploit vulnerabilities in applications, like in the case of Love bug, a computer worm that attacked millions of Windows personal computers in 2000. The email message which began with the words “Kindly check the attached love letter from me!”, launched the virus once you clicked on the attached file. The virus which was regarded as one of the most aggressive and nastiest, would spread by sending itself to all contacts in the recipient’s email address book. It had the capability to download more hazardous software from a remote website, rename files and redirect internet browsers, once embedded in a host computer.
The 4th generation of cyber-attacks began with Red October, an advanced Cyber-Espionage Campaign, that was aimed at global Diplomatic and Government Institutions. Highly-flexible malware was created by hackers to thieve sensitive data and geopolitical intelligence.
Hackers started to embrace higher levels of sophistication in the 4th generation, which had large-scale financial and reputational impacts on the public.
Currently we live in the 5th generation of cyber-attacks, wherein attackers have started to use latest technology to exploit vulnerabilities. The attacks can happen on networks, mobiles and even on clouds and are often large-scale, state-sponsored mega attacks.
Cyber-attacks are growing as rapidly as technological innovation, but how about cyber security? Are the current measures sufficient to combat attacks? Unfortunately, the answer is no. Many of the organizations use outdated security infrastructure and hence, aren’t equipped to handle these highly sophisticated attacks. According to a recent report, 97 percent of organizations are not prepared for these Gen V cyber threats.
Firstly, one need to understand the fifth-generation threat scenario and then take appropriate measures to protect your system from attack. Unless you have protection that is updated according to the current trends, you won’t be even aware that your network has been hacked.
Cyber defence strategies to strengthen your business against any form of attack is not an option anymore, it has become mandatory. There are numerous ways to defend yourself and your company against an attack and among them Two Factor Authentication (2FA) is one of the simplest yet effective measures. Adding an extra layer of security, other than a single password to gain access to your systems, will help in minimizing attacks drastically. This can take various forms such as an OTP( One Time Password), fingerprint scan, voice recognition or a question and answer. The process promises excellent results without much expense or complication.
Phishing scams have become more sophisticated over the years and separating wheat from chaff is indeed rocket science. These mails look so authentic that it somehow convinces the user to click on the link or open the attachment that comes along with it. So, the best thing to do is, ignore any such mail from an unrecognized sender or the ones that ask for personal or payment details.
A skilled IT team that can defend your company and help you recover in case you become the target of hackers, is more than obligatory. They should be updated with current industry standards and must adopt new Tools, Tactics and Processes (TTPs) for defending the company’s network.
All the employees within an organization might not be digitally skilled and hence, they are highly vulnerable. When you are not vigilant and ignorant of the various methodologies in which your network can be prone to attack, the scenario becomes much more tense.
A risk mitigation strategy adopted by certain companies is to “do nothing – accept the risk.” “If business owners are not willing to take necessary steps or actions to fix the security risks, they should keep the fund ready for the expected loss”, says Vimal Rama, Director of Information Technology, HLB HAMT.
Companies invest tremendous amount of money and resources into securing their networks, but when it comes to training their staff on the various aspects of attack and security, most of them lag behind. Security awareness programs will help you identify different target groups and methods and it ultimately creates a secure environment. Hackers will find it difficult to prey on employees’ ignorance once you are aware of the Do’s and Don’ts.
The rise in Internet-of-Things has posed many challenges to cyber security. On the one hand, your life has become quite easy, where you can control the devices at your house sitting at your office, but on the other hand, the technology can causer serious threats to security. IoT increases the vulnerability towards a cyber-attack, which forces you to step up and take measures to secure your devices. You should test your infrastructure before and after integrating IOT devices, which will help you identify potential security flaws, if any. If you haven’t installed a reliable and effective firewall on your devices, it’s high time you did it. Also, using an Intrusion Detection System, that will help in monitoring your networks, devices and systems for any suspicious activities, can help mitigate problems. To segment and limit the access privilege of certain devices, a device management tool can be of great help.
Secure Socket layer(SSL), a standard measure for secure internet browsing, helps in data encryption. Only the intended user will be able to access the data, thus providing privacy, security and data integrity. It enables secure online transactions between consumers and businesses.
These emerging security technologies will ensure data security to a large extend, but what if your system gets hacked even after protecting it with numerous layers of security? Discovering a malicious attack is indeed a tough call; it might take days and even months to identify an attack.
Hackers won’t inform the victims about their attack; most of the times they carry out their activities without the knowledge of the user. But a hacked system or network exhibits many symptoms and to figure out the same, you need to be extra vigilant.
Look out for these signs to know whether your system has been hacked;
• High outgoing network traffic
• Annoying ads on display
• Pop-up messages
• Disabled security solution
• Unfamiliar icons displayed on your desktop
• Unusual error messages
• Control panel not accessible
• Suspicious shortcut files
The first few hours following the discovery of an attack will be panicking and confusing. You might on the lookout for answers for various questions; when and how did this happen? Are the hackers still in our network? What will happen next? While it is human nature to freak out when a crisis like this occurs, it your action that should speak. Some companies just pull the plug out of the socket to protect their system. But the question is, is that the remedy?
Once a hack has been confirmed, you need to act quickly and carefully since every second counts. Try to get in touch with the incident response team, which can be an in-house group or an external company, as early as possible. “The way you react to a disaster shows how well you are prepared for it”, says Rama.
A study by IBM & Ponemon Institute reveals that leveraging an incident response team significantly reduces the cost of a data breach – saving companies nearly $400,000 on average.
Verifying the attack involves identifying the systems that has been hacked, determining which IP addresses were used and confirming the type of attack. You should immediately warn other users on the network about the attack, so that it doesn’t spread. The infected computers should be isolated and the breach should be disclosed to necessary parties.
Even if you were able to overcome the consequences of a cyber-attack, there is nil assurance that it won’t happen again.
Get in touch
Whatever your question our team will point you in the right directionStart the conversation