Exploring Cybersecurity Ecosystem in the Middle East: Towards an SME Recommender System

Cybersecurity is described as the protection of data resources by treating threats that jeopardize data. Enterprises must manage the cybersecurity risks so that the security and resilience of their assets may be improved. Cyber-attacks on Small and Medium Enterprises (SMEs) are rising. However, they often lack effective strategies to prevent threats such as malware, phishing, denial of service (DoS), and others. Their weak defense system is often an attractive avenue for hackers to explore loopholes. There is a lack of cybersecurity initiatives in SMEs, and several past attacks have exposed the weak systems. This paper first attempts to investigate the current scenario of cybersecurity in the context of Middle East SMEs. A survey of SMEs in the Middle East (cybersecurity space) helped understand the existing scenario, actual requirements, and challenges SMEs face. The research then explores the need for SMEs to choose the apt security solution to cater to their business needs. By reviewing the existing standards and pointers in different parts of the world, this research proposes a cybersecurity recommender system for SMEs in the Middle East. One of the survey findings reveals that most SMEs require adequate cybersecurity awareness, followed by evaluating the organization’s preventive capabilities. The dearth of information available online and the IT consultants’ conflicting guidance usually creates an information overload in deciding a neutral solution to address their needs. The recommender system attempts to structure the information available as a framework in deciding a cybersecurity solution for SMEs.