An Interview with GulfSec Founder Jameel Al Sharaf

Can you tell us more about GulfSec and what inspired you to start the business?

Gulfsec specializes in providing cybersecurity services and solutions primarily aimed at the fintech, banking, financial services and insurance sector. The idea emerged from my own experience working for large financial institutions where I struggled to find cybersecurity specialists who not only can deliver cybersecurity risk assessments and consultancies but can also provide hands-on technical know-how. Most organizations today do not usually have dedicated cybersecurity teams who can monitor and protect their systems and networks against potential cyber threats. Gulfsec can help such organizations continuously assess cybersecurity threats, understand the risks and resolve any vulnerabilities.

Can you tell our readers more about cybersecurity and why companies should invest in it?

Cybersecurity has never been a boardroom agenda item until recently when major organizations in our region and globally were hit by various types of attacks most commonly ransomware. Most organizations delegate cybersecurity issues to the IT teams to deal with as senior management tends to find the subject too technical to understand. Until such time when an attack does happen leaving such organizations exposed to operational and reputational risks and in some countries severe legal implications. There are two important facts about cybersecurity threats: 1) Cybersecurity threats transform and change to counter the advancements in technology. 2) There is no 100% permanent cure against cyber-attacks. Organizations in any sector must, therefore, keep elevating their defense against cyber threats especially if they are going through digital transformation initiatives.

Because of the recent pandemic, more and more companies have moved their work stations online. What is now your assessment of the cyber security risk especially in Bahrain?

The current pandemic situation has certainly tested the robustness and readiness of organizations to operate under strict measures. Those who have been prepared will no doubt have minimum disruption on their business operations. Others who have not adopted clear business continuity plans and strategies will certainly struggle. As organizations are forced to keep a minimum workforce onsite, new challenges emerge due to “work from home” guidelines. While accessing corporate resources from home will minimize the impact on the business operation, it creates serious cybersecurity challenges. Such challenges include unsecured home routers, infected home devices, shared home devices, non-backup of data, remote session compromise, weak passwords and social engineering attacks.There have been reports of increased cybercrime activities globally especially around fake COVID-19 donations and remote access hijacking. In Bahrain, and due to the advancements in technology and stable broadband network, many companies have resorted to the use of remote access tools to sustain business operations. Luckily, there has not been any reports of major cyber-attacks in Bahrain, however, the impact can only be assessed in a few months. It usually takes over 250 days to discover a cybersecurity vulnerability as hacking techniques have become sophisticated and will only be trigged whenever there is a chance to exert maximum damage.

What is your plan to scale Gulfsec?

As stated earlier, our focus today is to support the financial sector in Bahrain which is regulated by the Central Bank of Bahrain and subjected to stringent regulatory requirements including those covering cybersecurity. Our solutions and services are also vendor-agnostic, meaning, that we can be entrusted by our clients to provide transparent and unbiased assessments and remediation services. We also plan to expand to the healthcare sector as we believe this sector has never received the necessary attention from the regulators with regard to cybersecurity risks and data privacy legislations. By building a strong client base in Bahrain, we intend to expand to neighboring GCC countries. Our growth plans also include setting up partnerships with well-established consultancy firms to gain access to vast numbers of highly skilled resources at competitive prices.

What advice can you give to aspiring entrepreneurs and startups, especially in the cybersecurity field?

My best advice to anyone thinking about starting a company is to find a problem and come up with an innovative solution to build the business on. I think most of the failed startups are due to entrepreneurs creating solutions to problems that do not exist. This does not mean entrepreneurs cannot build businesses on problems solved by others; however, they must always try to find innovative approaches to problems. An example would be fast-food restaurants e.g. McDonalds vs. Shake Shack. Each company targets different segments of the market with a different range of products; however, both are ultimately fast-food chains. Entrepreneurs will always face challenges as they build their businesses, and many ideas will never succeed. The main goal would be to keep trying different ideas and different approaches at different times with different people and customers, just keep going until you achieve the ultimate success. Cybersecurity is a growing problem globally. As technology advances and new jargons emerge such as AI, IoT, Industry 4.0, Blockchain, Drones, Quantum Computing, VR and AR, cybersecurity threats will always be ahead. There will always be vast opportunities to solve cybersecurity problems as they lead to new entrepreneurial opportunities.