99% of Arab websites suffer from security flaws, according to report

Poor security, lack of original content and bad design on Arab websites are seriously hindering the development of e-commerce in the Middle East, according to a group of organisations, which have joined forces to develop quality standards for the region’s internet industry.

  • E-Mail
By  Diana Milne Published  July 30, 2006

Poor security, lack of original content and bad design on Arab websites are seriously hindering the development of e-commerce in the Middle East, according to a group of organisations, which have joined forces to develop quality standards for the region’s internet industry. Dubai Internet City (DIC) and eHosting Datafort have formed Interstandards, the Arab Internet Standards Organisation (AISO), as a joint inititative to develop a certification programme for Arab commercial websites in association with the British Standards Institute (BSI). The organisations believe that the Arab world’s internet industry is plagued with inadequacies, including the lack of even basic security standards on some websites. Evidence of the latter comes from ‘ethical hacking’ actions carried out by eHosting Data fort during security audits on the IT systems of more than 30 organisations in the region over a four-year period. According to the company, the actions, which involved it acting as a ‘white hat’ hacker by exploiting vulnerabilities to enter the organisations’ IT systems, were “99% successful”. Ahmed Baig, manager of security consulting at eHosting Datafort, said: “What we do is we try to act like a typical hacker and try to penetrate into the corporate networks of the client.” “We actually gain the proof of our penetration through our records that we gather through the testing process,” he continued. “We have been successful almost all the time — it very clearly indicates that the basic level of due care and diligence is lacking in most of the networks,” he added. Baig went on to say that some companies tested by eHosting Data fort did not even have monitoring systems in place to indicate they had been hacked, only discovering months after an attack had taken place that they had been hit. “We have found some companies where the clients have been hacked for a few months and they are not even aware that they have been hacked,” he claimed. Baig believes that developing standards to improve the security of the region’s websites will go a long way to addressing what the companies perceive as a lack of trust among users in carrying out transactions online. This insecurity among users is one of the main factors hampering the development of e-commerce in the region, he claimed. “Basically, currently the main obstacle between us and a very viable Arab e-commerce market, like the one that is in the US for example, is confidence level of the users,” he stated. “The main obstacle remains trust and confidence for the users and today they do have a reason to be worried because very few websites in the Arab world are providing secure platforms for commerce transactions,” he added. “Users in the Arab world are willing to put a credit card and buy an item on Amazon.com and pay US$30 for the shipment and wait for two or three weeks but they will think many times before putting their credit card for a website in the region,” Baig claimed. The companies are still working with the BSI on developing the certification standards, which will cover design, content, marketing, applications and security. They hope to have certified 50 companies by the middle of next year and say a number of companies have already registered for certification, including aljazeera.net, maktoob.com, tejari.com and albawaba.com. As well as security issues, the companies hope to address issues around the poor content of the region’s websites — much of which they claim is copied or pasted from its original source on other sites, and breaches copyright laws.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code