Dubai: Companies in the UAE may have only six months to start taking IT security seriously or face the consequences, according to the head of the one of the world's largest anti-malware companies.

Steve Chang, TrendMicro's chairman and co-founder, told Gulf News he thinks that a major attack, "something big," is coming. He said it would not just be targeted at the Middle East, but companies in the region could be in trouble because they do not yet take the threat seriously.

"The danger is people think 'I already have a firewall, I already own an anti-virus, anti-spam product, so I should be all right.' So that kind of complicity will cause the problems," he said.

Chang didn't speculate on how the attack would be carried out, but he did see "it happening in the next six months." Unfortunately, he didn't see companies in the region redressing security issues until someone gets hurt, adding that "some real serious information leakage" is what it will take to make companies address security concerns.

Targets

Even if a major attack doesn't materialise, companies still need to take IT security risks seriously. He said that people perceptions of the Middle East as a place with excess cash and lax security was only going to make the region a bigger target.

"This place is vulnerable - because of oil money and security," he said.

Oil companies themselves may have become targets, for reasons other than money. The oil industry uses large numbers of high-end computers for analysis purposes. Chang, who was in Dubai last week, said he was told of one major oil company in the region whose computer system had been completely shut down. The company did not know the reason why. But non-oil companies, especially those with digital assets, still need to be careful.

Problems

"People don't want their customer databases or their information leaking out of this area," he said, and if the oil companies or e-commerce where hit by an email attack or had their operations shut down, "it could cause big problems here."

While many companies, in an effort to maintain their reputations, won't disclose if they have been attacked, Chang said, "You just have to look at how much companies are paying for security to understand what's at stake." He said that last month TrendMicro completed a $6 million deal to provide security to one company and its customers.

Chang said customers also need to understand how the security landscape has changed. When he and Evan Chen, the company's CEO, founded TrendMicro in California (the company's headquarters is today in Tokyo, Japan) in 1987, there where a lot fewer viruses "At that time there were only 5 viruses a year. We saw over 5 million viruses last year."