Omnix International’s Walid Gomaa highlights how the company is democratising access to AI and delivering scalable services
38 IGNITING INNOVATION
Lenovo ISG’s Giovanni Di Filippo and Alaa Bawab on enabling Saudi Arabia’s AI and digitalisation ambitions
34 THE ZERO TRUST BLIND SPOT
SandboxAQ emphasises strengthening security with crypto agility
36 A NEW MEANING FOR MANAGED SERVICES
e& UAE on the evolution of managed service providers
58 The latest gears and gadgets to keep you ahead of the curve
THE NEW BATTLEGROUND
CrowdStrike’s Yassin Watlal on why AI is reshaping both the tools of the adversary and the future of cyber defence
DISRUPTION MEETS DEFENCE
The line between innovation and exploitation is thinner— and faster—than ever. We’re at a critical juncture where redefine risk in ways we’re still learning to navigate. The
Our cover story this month features CrowdStrike’s Yassin Watlal, who explains how threat actors no longer “break in”—they log in. According to CrowdStrike’s latest Global Threat Report, 79 percent of initial access intrusions are now malware-free, relying instead on stolen credentials and hands-on keyboard activity. Identity has become the new perimeter, and it’s being breached not through brute force but with chilling precision. Compounding this is the rise of adversaries weaponising AI—crafting deepfakes, automating reconnaissance, and even hijacking enterprise AI services in attacks known as LLM-jacking. We’re no longer battling lone hackers, but adversaries operating at
Elsewhere in this issue, ManageEngine’s Ramprakash
We also sit down with Omnix International’s Walid Gomaa, who explains how the company is democratising access to advanced technologies and empowering industries like AEC and oil & gas to innovate faster and more affordably.
Beyond AI and cybersecurity, we feature executive bylines from e& UAE on the evolving role of managed service providers, from Qualys on the rise of risk operations centres, and from SandboxAQ on why crypto agility is central to zero trust.
The message is clear: in a world moving at machine speed, resilience begins with readiness.
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
The Dubai Future Foundation, in partnership with The Executive Council of Dubai, has launched the latest edition of the ‘Dubai Future Experts Program’. This initiative aims to empower Emirati professionals with advanced skills in strategic foresight and future planning.
Virgin Mobile UAE has introduced electric motorcycles for its delivery fleet, supporting the UAE’s Green Agenda 2030 and promoting sustainable mobility.
US-based data security firm Seclore has inaugurated its regional headquarters in Riyadh, aligning with Saudi Arabia’s Vision 2030 digital transformation agenda.
GITEX Asia 2025 launches at Marina Bay Sands in Singapore from April 23–25, marking the event’s first foray into Southeast Asia. The conference will feature over 700 tech companies, including 400+ startups and 250+ global investors, aiming to catalyze cross-border innovation and digital growth across the region
Cohesity promotes Gregg Petersen to Regional Director for Middle East
Cohesity has broadened Gregg Petersen’s responsibilities as Regional Director for the Middle East, reinforcing its commitment to data management innovation and regional growth. In his expanded role, Petersen will drive strategic partnerships and customer engagement across key markets.
Cloudflare has acquired Outerbase, a platform known for simplifying database management and visualisation. The integration aims to bolster Cloudflare’s developer experience by incorporating Outerbase’s user-friendly tools into its platform.
Dubai launches ‘Future Experts Program’
Virgin Mobile UAE rolls out electric motorcycles
Seclore opens Riyadh HQ
Cloudflare acquires Outerbase
GITEX Asia set to debut in Singapore
Kuwait inks AI deal with Microsoft
Kuwait has signed a landmark agreement with Microsoft to boost its artificial intelligence capabilities and fast-track its digital transformation goals in line with Vision 2035. The partnership will see Microsoft establish an AIpowered Azure Region in the country, supporting innovation, enhancing public
services, and strengthening the local digital economy.
As part of the agreement, Kuwait will benefit from a range of initiatives including an AI data centre, an integrated AI system, a centre to promote digital economy and state services, and a centre of excellence in
cloud auditing. The deal also includes access to Microsoft 365 Copilot, making Kuwait one of the first countries in the region to adopt this generative AI productivity tool in the public sector.
“The government will provide the civil servants with access to the Microsoft 365 Copilot, thus making Kuwait one of the first countries in the region using these solutions which contribute to enhancement of productivity and improvement of the state services,” said Minister of State for Communications Affairs Omar Saud Abdul-Aziz Al-Omar
The collaboration also introduces the Cybersphere initiative, aimed at enhancing cybersecurity readiness across the government sector. In parallel, a nationwide skilling programme will equip the local workforce with in-demand competencies in AI, cybersecurity, and cloud computing.
The partnership underscores Kuwait’s ambition to position itself as a regional hub for technology and innovation, building a digitally empowered economy for the future.
Dark web data leak exposes millions of bank cards: Kaspersky
A new analysis by Kaspersky has revealed that approximately 2.3 million bank cards have been leaked on the dark web, exposing a serious cybersecurity threat linked to infostealer malware. The data was uncovered by the cybersecurity firm’s Digital Footprint Intelligence team, which analysed malware logs from 2023 and 2024.
Kaspersky found that nearly 26 million Windows devices were infected with infostealers over the past two
years, including more than 9 million in 2024 alone. These malicious programs typically spread through deceptive methods such as phishing emails, fake websites, and infected software downloads. Once installed, they steal sensitive information like credit card details, login credentials, and cookies, which are later sold or shared on underground forums.
Redline was the most common
infostealer, responsible for 34% of infections in 2024. However, RisePro surged from just 1.4 percent in 2023 to nearly 23 percent in 2024, while Stealc also grew from three percent to 13 percent.
Kaspersky cautioned that the scale of infections could be even greater, noting that “threat actors may share logs containing sensitive data months or even years after initial infections.”
The number of Windows devices infected with infostealer malware over the past two years
Red Sea Global, Oracle to train 5,000 Saudi nationals
Red Sea Global (RSG), the developer behind Saudi Arabia’s flagship regenerative tourism projects The Red Sea and AMAALA, has partnered with Oracle to train 5,000 Saudi nationals over the next six months. The initiative aims to equip young Saudis with essential IT skills to support the Kingdom’s rapidly evolving digital
economy, in line with Vision 2030.
Training will be delivered through Oracle’s Mostaqbali learning platform, a free educational programme by Oracle University. The focus will be on digital skills relevant to technologyenabled jobs in hospitality and tourism, including hands-on experience with Oracle’s enterprise applications and cloud infrastructure.
“This initiative forms part of our commitment to support the growth and development of young Saudi talent across the Kingdom and help them achieve their potential,” said Sultan Moraished, Group Head of Technology and Corporate Excellence at RSG.
Reham AlMusa, Vice President –Business Applications, Public Sector, and Managing Director – Saudi Arabia at Oracle, added, “Oracle is committed to supporting Saudi Arabia’s Vision 2030 by empowering local talent with
Google to acquire cloud security firm Wiz for $32 billion
Google has entered into a definitive agreement to acquire cloud security firm Wiz for $32 billion in cash, marking the largest acquisition in the company’s history. The deal, pending regulatory approval, will see Wiz join Google Cloud to strengthen its cybersecurity offerings in a multicloud and AI-driven landscape.
Founded in 2020 and based in New York, Wiz provides a user-friendly cloud security platform compatible with major providers like AWS, Microsoft Azure, and Oracle Cloud. The platform enables organisations to detect and mitigate threats across complex cloud environments.
“From its earliest days, Google has been a leader in keeping people safe online,” said Sundar Pichai, CEO of Google. “Together, Google
Cloud and Wiz will accelerate advancements in cloud security and multi-cloud capabilities.”
Thomas Kurian, CEO of Google Cloud, said, “Google Cloud and Wiz are committed to making cybersecurity more accessible and userfriendly across industries. By enhancing security capabilities, we aim to help businesses reduce cyber-attack risks and minimise operational disruptions.”
Assaf Rappaport, CEO and co-founder of Wiz, said, “Wiz and Google Cloud remain dedicated to protecting customers across all major clouds. This acquisition strengthens our mission to enhance security and prevent breaches by leveraging additional resources and Google’s deep AI expertise.”
Oracle is committed to supporting Saudi Arabia’s Vision 2030 by empowering local talent with the skills needed for the Kingdom’s rapidly growing digital economy
the skills needed for the Kingdom’s rapidly growing digital economy.”
Since 2019, RSG has supported nearly 2,000 students through vocational and academic training programmes across key sectors.
By enhancing security capabilities, we aim to help businesses reduce cyber-attack risk
REHAM ALMUSA
ORACLE SAUDI ARABIA
Emirates Group co-locates to world’s largest solar-powered data centre
The Emirates Group has announced a strategic partnership with Moro Hub, a subsidiary of Digital DEWA, to co-locate its data centre at the Mohammad Bin Rashid Al Maktoum Solar Park—home to the world’s largest solarpowered data centre, as certified by Guinness World Records.
Set to begin mid-2026, the transition marks a significant shift in the Group’s technology infrastructure as it prepares for future growth. Moro Hub will provide comprehensive colocation services, including rack space, power, cooling, and equipment supply. The move will see the Emirates Group power its data centre operations with 3,000 megawatts of clean energy annually.
HE Saeed Mohammed Al Tayer, MD & CEO of DEWA, said, “We are proud to strengthen the Group’s sustainability journey with this strategic move to the world’s largest green solar-powered data centre... Moro Hub is set to drive sustainable economic growth and ensure a future powered by innovation and sustainability.”
Michael Doersam, Emirates Group’s Chief Financial & Group Services Officer, added, “By transitioning our digital operations to Moro Hub, we are building operational resilience, scalability and, above all, reducing our environmental footprint.”
FedEx launches AI-powered surround to boost smart logistics
FedEx has launched its intelligent monitoring and intervention solution, FedEx Surround, in the UAE to support smarter, more efficient logistics operations. The platform leverages near real-time visibility and AI-driven predictive analytics to help businesses monitor shipments and respond proactively to potential disruptions.
Designed for industries with highvalue or time-sensitive shipments— such as healthcare, aerospace, automotive, and high-tech—FedEx Surround is available in three service levels: Select, Preferred, and Premium. Key features include global visibility through an interactive dashboard, special handling codes for priority boarding and cold chain support, and 24/7 expert monitoring and response.
“At FedEx, we are constantly innovating with data-backed intelligent solutions to meet the
evolving needs of our customers,” said Nitin Navneet Tatiwala, vice president of Marketing and Air Network for FedEx Middle East, Indian Subcontinent, and Africa.
“The launch of FedEx Surround is a game-changer for businesses relying on just-in-time delivery and critical shipments. It empowers businesses to smartly intervene in real-time, ensuring that shipments are not only
The launch of FedEx Surround is a gamechanger for businesses relying on just-in-time delivery and critical shipments
monitored, but also actively managed to mitigate potential disruptions, enhancing decision-making, and ensuring peace of mind every step of the way.”
The new solution complements existing FedEx digital tools like FedEx Delivery Manager and the FedEx Import Tool, reinforcing the company’s focus on delivering smart, tech-driven enhancements to global commerce.
(LtoR) Michael Doersam, Chief Financial & Group Services Officer, Emirates Group and Eng. Marwan Bin Haidar, Vice Chairman & Group CEO, Digital DEWA (top) HE Saeed Mohammed Al Tayer, MD & CEO of DEWA
“BY EMBEDDING STRATEGIC
FORESIGHT
WITHIN GOVERNMENT ENTITIES, WE ARE DRIVING A TRANSFORMATIVE SHIFT
GOVERNANCE, ENSURING DUBAI REMAINS A LEADER IN FUTURE-READY POLICYMAKING ON THE GLOBAL STAGE”
Abdulaziz Al Jaziri, Deputy CEO, Dubai Future Foundation
THE DDOS DILEMMA:
POWERING A CYBER RESILIENT FUTURE
Celebrating excellence in cyber defence, resilience, and innovation, the Cyber Strategists Summit & Awards 2025 will honour the visionaries safeguarding the digital future and leading strategic advancements in cybersecurity
The Cyber Strategists Summit & Awards 2025 returns as the premier gathering for cybersecurity leaders, innovators, and decision-makers across the Middle East. As cyber threats grow in sophistication and scale, organisations must adopt resilient strategies, integrate AI-driven security solutions, and fortify their defences against evolving risks.
In the era of AI-powered cybersecurity, defensive strategies must evolve to combat adversarial AI, deepfake attacks, and autonomous threats. This summit explores how AI can enhance cyber resilience, automate threat detection, and drive a proactive security posture.
With 93 percent of boards viewing cyber-risk as a threat to stakeholder value, according to Gartner, cybersecurity has moved from an IT concern to a business imperative. Organisations must rethink their approach to security, embedding AI-powered threat intelligence, zero-trust frameworks, and real-time risk management into their core strategies.
As cyber threats escalate and regulatory landscapes evolve, the role of CISOs, CIOs, and security strategists has never been more critical. These leaders are now central to business resilience, regulatory compliance, and digital trust, shaping security-first cultures within their organisations.
This year’s edition brings together CISOs, CIOs, security strategists, and industry pioneers to discuss cutting-edge solutions, regulatory developments, and real-world case studies shaping the future of cybersecurity.
Nominations are open!
If you or someone you know has played a key role in driving cybersecurity innovation, now is the time to be recognised. Submit your nomination and celebrate the innovators shaping a cyber resilient future!
How to nominate:
1. Visit the website: https://www.cxoinsightme.com/css/2025/
2. Click ‘Nominate Now’ to access the submission portal
3. Select your category: End-users or Vendors
4. Complete the nomination form with detailed information, including specific achievements, contributions, and measurable impact within the cybersecurity landscape
5. That’s it! Fingers crossed and wait for the results to be announced at the gala night on 7th May 2025.
MIDDLE EAST AND AFRICA’S LARGEST CYBERSECURITY EVENT
THE NEW BATTLEGROUND
Yassin Watlal, Head of Systems Engineering and Solution Architect, CrowdStrike, META, shares insights into how identity has become the new perimeter and why AI is reshaping both the tools of the adversary and the future of cyber defence
Cybersecurity in 2025 is a race against speed, scale, and sophistication. Threat actors are no longer working in isolation or relying on rudimentary tactics. They have become structured, well-funded, and enterprise-like in their operations, enabled by a vast underground economy and accelerated by the capabilities of artificial intelligence. At the same time, many defenders are still adapting to this shift, constrained by fragmented systems, legacy mindsets, and the growing complexity of their digital ecosystems.
This gap between the speed of attack and the speed of defence is where cyber resilience is being tested. The latest CrowdStrike Global Threat Report underscores just how quickly the threat landscape is evolving. It reveals that 79 percent of initial access intrusions are now malwarefree, relying on stolen credentials and hands-on keyboard activity.
“Hackers or threat actors nowadays, they don’t just hack—they don’t break in, they actually log in inside an environment,” explains Yassin Watlal, Head of Systems Engineering and Solution Architect, CrowdStrike, META. This change, he says, marks a fundamental shift in how organisations need to approach cyber defence. Identity has become the new perimeter, and without visibility into how identities are being used—or misused—organisations are left exposed.
This shift has also given rise to the influence of access brokers – actors that specialise in stealing and reselling credentials, creating a ready supply of initial access opportunities for ransomware groups, espionage units, and cybercriminals. “Their particular focus is on identity and stealing credentials from the environment and then reselling them on the dark web,” says Watlal. Once inside, attackers use legitimate logins and mimic normal user behaviour, making them difficult to detect with security solutions.
The rise of the AI-powered adversaries
Adding to the complexity is the rapid weaponisation of generative AI. Adversaries are using AI not only
to craft more convincing phishing messages, but also to generate synthetic media, manipulate voice samples, and automate reconnaissance. The CrowdStrike report also documents a 442 percent rise in voice phishing—or vishing— within six months, along with a 150 percent surge in cyber espionage campaigns originating from China. “Threat actors are practitioners. So, whenever a new tool is introduced, threat actors will use it. They will add it to their global toolset,” says Watlal.
Just as AI empowers innovators, it equally enables adversaries—lowering the barrier to entry while amplifying the scale and impact of their operations.
One particularly concerning development is the emergence of LLM-jacking. In this type of attack, adversaries steal credentials to access enterprise AI services, allowing them
to run large-scale language model queries, extract sensitive information, and inflate operational costs for the target organisation. With legitimate access in hand, attackers can remain undetected for longer, making their actions both stealthy and scalable.
“With this access, the threat actor can extract confidential information, as well as perform actions such as data poisoning,” says Watlal. “Attackers gain unauthorised access to these models and can also poison inputs to compromise future outputs.”
Watlal also points to the rise in real-world cases where identity-based deception has gone beyond phishing emails and into the realm of fullblown impersonation. The threat actor group known as Famous Chollima, linked to North Korea, exemplifies this evolution. “They used AI to infiltrate some organisations. Some of the threat
actors were literally working inside the organisation,” he explains.
According to Watlal, the result is dangerous fragmentation. “We hear on average, 45 security tools are being managed on an enterprise level… they don’t talk to each other,” he says. In this kind of disjointed environment, attackers thrive.
To counteract this, he argues for a more unified and contextual approach to security—one that connects the dots across endpoints, users, cloud workloads, and identity systems. This is where AI can play a powerful role. “AI is a fantastic solution—it will help speed the responses, speed the investigation, and ensure that we make faster decisions while understanding the full context,” he says.
AI as a cyber defender’s edge
But while AI is being exploited by adversaries, it is also becoming a crucial ally for defenders. Watlal notes that artificial intelligence, when properly applied, can streamline threat detection, triage alerts, and empower analysts—particularly those in Security Operations Centres (SOCs)—to make informed decisions under pressure.
Just as AI empowers innovators, it equally enables adversaries— lowering the barrier to entry while amplifying the scale and impact of their operations
Using AI-generated resumes and deepfake technology, these operatives were able to secure remote employment, gaining legitimate access to enterprise networks. In several cases, they even passed video interviews with AI-generated responses and went undetected until investigators traced the devices to facilitator running laptop farms. It’s a chilling example of how identity abuse, AI, and social engineering can now converge into highly effective insider threats.
These developments highlight why identity is no longer just a security issue—it’s a strategic one. Yet many organisations still treat identity security as a standalone function, often managed with limited integration across other parts of the environment.
“We are deploying AI because it brings a tremendous amount of value... The attack happens at machine speed, so we need responses at machine speed as well,” he explains. One of the most effective use cases for AI in defence is agentic triage, where routine investigation tasks are handled autonomously, freeing up security operations teams to focus on more complex decisions. “Leaving the AI—or what we call agentic AI—the tasks to do the triage on an alert is another step.”
This growing sophistication on the part of attackers also redefines what’s expected from defensive platforms. It’s no longer enough to collect telemetry across endpoints, cloud environments, and user identities—organisations need real-time correlation, contextual awareness, and intelligent automation.
CrowdStrike’s approach to this challenge is built around an AI-native architecture that fuses telemetry from trillions of daily events with real-time threat intelligence. The platform leverages behavioural AI and machine learning to detect subtle anomalies, reduce false positives, and provide analysts with meaningful, prioritised alerts. By unifying data across
Editorial credit: Adnan Ahmad Ali / Shutterstock.com
endpoint, identity, and cloud domains into a single platform, it helps eliminate the very silos that attackers depend on.
To further accelerate detection and investigation, CrowdStrike integrates these capabilities into its next-generation SIEM solution. Unlike traditional SIEMs that are often slow, storage-intensive, and reactive, CrowdStrike’s solution is built for speed and scale—processing massive volumes of log data in real time, enabling security teams to query across datasets instantly, and correlate events across multiple domains. This empowers defenders with context-rich insights, enabling faster decisionmaking and reducing mean time to detect and respond.
Watlal underscores the value of this unified visibility, especially in today’s fragmented enterprise environments. He explains how AI is embedded across the detection and response pipeline—not just for threat hunting but also for alert triage, incident correlation, and analyst enablement. “AI can’t work in isolation,” he notes. “It has to be integrated into the fabric of your detection strategy, helping you see across blind spots and act faster than the threat can move.”
This approach also supports proactive threat hunting—combining
behavioural analytics with adversary intelligence to detect novel patterns that signature-based tools miss. In an era where adversaries pivot quickly and hide in plain sight, that proactive intelligence edge can be the difference between a contained incident and a business-disrupting breach.
Human + machine: A collaborative future
Despite the benefits of automation, Watlal challenges the common belief that people are the weakest link in cybersecurity. For him, the opposite is true. “Humans are actually the strongest assets in a company. They bring the creativity, they bring the innovation inside the company,” he says. What organisations need, he argues, is a model of human-machine collaboration—where AI supports, not replaces, human judgment.
Speed, however, remains the critical differentiator. According to the GTR, the average breakout time—the window between initial access and lateral movement—is now 48 minutes. In some cases, it’s less than a minute. These numbers are more than just statistics. They are a stark reminder of how quickly an intrusion can escalate. To survive in this environment, organisations must
build systems that operate at the same speed as the adversary.
Watlal emphasises that protecting identity is of utmost importance, and that visibility must span across all domains to effectively detect and respond to threats. Threat intelligence must be timely, integrated, and actionable. And responses must be both swift and informed. These are the pillars of cyber resilience today—not just having more tools but having the right context and coordination between them. “We need to have a tool, a platform... completely unified and completely integrated,” he says.
Yet even as organisations race to modernise, a new risk is emerging: the gap between adoption and understanding. “We are deploying AI faster than we are securing it,” Watlal cautions. In their effort to stay competitive, many companies rush to integrate AI tools without fully considering their security implications.
Still, he remains optimistic about the future. “Security is a data problem—and AI thrives on data. Right now, security teams are overwhelmed by siloed tools and fragmented consoles, making it difficult to respond quickly. But AI can help cut through that complexity—not just today, but in the future as well,” explains Watlal.
10 SUPPLY CHAIN TECHNOLOGY TRENDS FOR 2025
Supply chains are entering a new era — one where connectivity and intelligence are no longer optional, but foundational to success. As the global landscape grows increasingly volatile, traditional supply chain models that rely on static planning and manual oversight are proving insufficient. The future belongs to organisations that can sense, adapt, and act in real-time — and technology is the catalyst.
According to Gartner’s latest report on the Top Supply Chain Technology Trends for 2025, the industry is
now at a tipping point. The shift is no longer about digitising existing processes but about reimagining the supply chain as a dynamic, intelligent ecosystem — where virtual agents can autonomously optimise inventory, sensors track goods invisibly at scale, and simulations anticipate disruptions before they happen.
Gartner experts underscore this transformation, noting that by embracing technologies like agentic AI and intelligent simulation, supply chain leaders can unlock innovation, boost productivity, and build long-
term competitive advantage. But the message is clear: it’s not about adopting every trend — it’s about aligning the right technologies with strategic business outcomes.
From polyfunctional robots reshaping warehouse operations to decision intelligence providing explainable, data-driven insights, 2025 will reward those who combine vision with execution. The leaders of tomorrow are those investing today — not just in tools, but in ecosystems that support resilience, agility, and continuous improvement.
Here are the 10 game-changing supply chain technologies to watch in 2025:
Ambient Invisible Intelligence
Powered by ultra-low-cost, compact smart tags and sensors, ambient invisible intelligence enables largescale, cost-effective tracking and sensing throughout the supply chain. It provides real-time, end-to-
end visibility, making it particularly valuable for monitoring perishable items and ensuring compliance with environmental regulations through enhanced traceability.
Augmented Connected Workforce (ACWF)
ACWF initiatives utilise digital tools to enhance decision accuracy and minimise variability, helping to bridge the widening skills gap in today’s workforce. By digitising standard operating procedures, organisations can accelerate employee onboarding and boost productivity across manufacturing and logistics functions.
Multimodal UI
A multimodal user interface allows individuals to engage with systems using various forms of interaction, such as voice, gesture, or visual input, improving both usability and operational efficiency. In logistics, this approach is being implemented to enhance driver safety and increase productivity through voice commands and gesture-based controls.
Polyfunctional Robots
Designed to perform a variety of tasks, polyfunctional robots bring adaptability to supply chain environments by taking on multiple
roles. Increasingly deployed in warehouses, these robots handle functions like sorting, picking, and packaging — significantly reducing the need for human labour.
Agentic AI
Agentic AI introduces a virtual workforce of autonomous AI agents capable of independently executing decisions. These systems increase agility and operational efficiency, with use cases such as dynamically adjusting inventory levels based on real-time demand forecasts.
Autonomous Data Collection
Emerging technologies like drones and mobile robots facilitate autonomous data gathering, boosting efficiency while lowering labour demands. In warehouse environments, for instance, drones conduct inventory checks with greater speed and accuracy, reducing both time and risk compared to manual methods.
Decision Intelligence (DI)
Combining decision modelling, AI, and analytics, Decision Intelligence supports, enhances, and automates the decision-making process. It enables supply chain leaders to gain insights into how decisions are formed and refine them continuously based on feedback and outcomes.
Intelligent Simulation
By integrating artificial intelligence and machine learning into traditional simulation tools, intelligent simulation enhances forecasting and strategic planning capabilities. It empowers organisations to fine-tune logistics routes, warehouse configurations, and other operational scenarios to boost efficiency and cut costs.
BEYOND THE BLUEPRINT
Walid Gomaa, CEO, Omnix International, discusses how the company democratising access to AI and delivering scalable services—powering innovation across AEC, oil and gas, and smart infrastructure
What are the key trends shaping Omnix International’s strategy in 2025?
Our focus is to remain the leading provider of specialised technology services across the Middle East, particularly in high-impact areas like AI, automation, and digital twins. AI continues to be central to our conversations with clients. We’ve already implemented AI use cases across industries such as transportation, oil and gas, and government. This year, we are scaling those use cases further across the region.
We’re also launching service offerings that help customers determine how to begin their AI journey—where to start, how to build a business case, and what foundational steps are needed. Traditionally, only large consulting firms offered such guidance. We’re democratising that access by offering these services in a far more cost-effective way.
Another major pillar is hyperautomation. Many organisations are still far from realising its full potential, so we’re working to close that gap.
Then, there’s our digital twin practice. Thanks to our crossfunctional capabilities—from consulting and integration to platform development—we can deliver true end-to-end digital twin solutions. And we’re also placing a strong emphasis on data governance because, without quality data, even the best AI initiatives will fail.
Finally, we’re adapting each of our focus areas—whether AI, automation, digital twins, or data services—into our “as-a-service” offerings. The goal is to make these technologies more accessible and scalable for customers who may not have the in-house capabilities or resources for full-scale deployments. By offering them through a managed or subscription-based approach, we enable organisations to adopt advanced solutions more affordably and incrementally.
In terms of business and market expansions, we see tremendous untapped opportunity within the region. Each GCC country has its own vision— like Saudi’s Vision 2030, Oman’s Vision 2040, and Bahrain’s AI-first 2035—and we’re aligning ourselves closely with those national priorities.
We’re also deepening our partnerships. We’re working with startups specialising in areas like LLMs and computer vision to complement our solutions. From a vendor perspective, we’re collaborating with leaders like Autodesk, OpenText, IBM, Software AG, and Matterport. On the cloud front, while we already work with Microsoft Azure, we’re expanding into AWS and Google Cloud—particularly with their growing presence in Kuwait and Saudi Arabia.
Digital transformation is reshaping industries like Architecture, Engineering, and Construction (AEC), manufacturing, and infrastructure. How do you expect these industries to evolve?
In industrial sectors such as AEC and manufacturing, digital twins have shifted from being conceptual to becoming practical and essential. Initially, digital twins were limited to wearable-enabled visualisations or remote support. Today, we’re helping manufacturers model entire facilities virtually before any physical changes are made. This allows them to simulate production layouts, test outcomes, and improve productivity at a fraction of the cost.
Traditionally, these models were built manually using software like Autodesk. Now, we offer laser-based scanning to build models much faster and with higher accuracy. We can scan a facility in days rather than weeks or months and convert it into a digital twin that supports real-time visualisation and navigation.
We’re also integrating IoT sensors for real-time data on temperature, vibration, and other metrics, enabling predictive analytics. When you layer in AI, these twins don’t just reflect the current state—they predict and recommend.
In the AEC industry, we’re enabling daily progress tracking by comparing construction against the original BIM model. It’s also transforming collaboration, giving contractors, consultants, and owners a shared visual reference.
In oil and gas, companies like Aramco are looking at digital twins for upstream and downstream operations—from rig management to processing and logistics. We’ve integrated CCTV and sensor data into these twins to give operators a realtime view of remote sites, even from hundreds of kilometres away.
We’ve also applied this in ports, where visual and sensor data is integrated into a port’s digital twin to optimise ship arrivals, unloading, and customs clearance.
With such highly regulated industries, how do you ensure compliance, especially around data privacy and governance? It all starts with understanding the customer’s regulatory environment. In some cases, there are mature data
governance frameworks; in others, there are none. In both scenarios, we take an ethical, transparent approach—clearly communicating what data is accessed, how it’s processed, and securing consent where necessary.
If the customer requires data residency, we ensure deployment within in-country data centres. And while not all data is sensitive—like temperature readings—data tied to critical infrastructure is handled with strict confidentiality protocols.
Shifting gears to your HOT (Hardware Optimised Technology) systems. What drove the creation of this product line, and what sets it apart?
HOT was born out of real-world issues. For instance, opening large Autodesk files used to take hours. We realised the issue wasn’t just about using powerful hardware—it was about understanding the software workflow and optimising the hardware accordingly.
HOT systems are built with performance at their core. But instead of just throwing more CPU or GPU power at the problem, we optimise the configuration based on software behaviour. That’s what sets us apart from off-the-shelf machines.
We’ve proven this in the field. For example, in side-by-side tests with major vendors at organisations like Azizi and Shurooq, our systems delivered 35 percent better performance for drafting and modelling tasks.
We also offer multiple form factors—desktops, laptops—and even developed custom liquid cooling solutions to solve overheating issues in mobile workstations. Plus, we’re extremely agile. If a new GPU or CPU is released, we can integrate it within weeks—not months.
Finally, how do you ensure that both your services and systems remain future-proof and aligned with evolving customer needs? Our innovation is driven by two things: customer feedback and industry trends.
When customers say, “We’re
HOT systems are built with performance at their core. But instead of just throwing more CPU or GPU power at the problem, we optimise the configuration based on software behaviour
spending too much on cloud-based AI agents,” we explore how to run those workloads locally. For instance, we’re testing ways to run DeepSeek models directly on HOT Systems.
We also act on performance pain points. If a customer faces bottlenecks, we reconfigure and test alternative setups—sometimes even developing new services, like integrating Autodesk with third-party security tools. That kind of agility and problem-solving mindset is what keeps our offerings both relevant and future-ready.
Walid Gomaa, Omnix International
Is your company turning data protection into a competitive advantage?
Aftab Saloda, Senior Vice President and Business Head of Cybersecurity
Services at Silverse, shares insights into data protection and cybersecurity in the Middle East and how organisations can leverage them to power ahead of their competition
The expansion of the data protection sector across the Middle East has followed the diversification of the region’s economies beyond traditional industries such as oil and gas, logistics, and retail, and the embrace of a digital future. If organisations fail to protect data, they can incur steep costs due to litigation, loss of brand value, technical fixes, and so on. Conversely, implementing robust protection measures and complying with relevant regulations comes with a range
Striking the right balance between robust data protection measures and user convenience can be difficult
of benefits, such as reduced risk of data breaches and increased trust from investors and customers.
Countries across the Middle East have been demonstrating an increased commitment to the protection of data. However, growing cyber threats, increased dependence on complex supply chains, the pressure of regulatory compliance, and unstable geopolitical situations are contributing to an uncertain cybersecurity landscape in 2025.
Having said that, with this uncertainty comes opportunities for businesses in the region to reshape their processes and emerge as leaders in their industries.
Why data is being increasingly targeted in the Middle East
While many regions are experiencing increased data breaches, the Middle East has become a prime target for cybercriminals. “High-value targets such as oil and gas industries and HQs of major businesses are stationed in the region,” says Aftab. “Criminals are also targeting growing businesses, start-ups, and newer businesses such as digital banking and cryptocurrency transactions.”
But the reasons go beyond ideal targets. “Vulnerabilities arise in rapid digital transformation, global megaevents, and outdated systems and software,” Aftab notes.
Top emerging data protection trends
Data protection trends in the region are rapidly developing in response to both tightening regulations and increasing cyber-attacks.
“The major trends,” says Aftab, “have to do with the adoption of tech.
Aftab Saloda, Senior Vice President and Business Head of Cybersecurity Services, Silverse
Think zero-trust architecture, data encryption and privacy by design, identity systems modernisation, advanced threat intelligence, automated response systems, and using AI/ML for threat detection.”
Additionally, there is an increased focus by governments on keeping data within country boundaries. Aftab explains, “This helps to ensure sovereignty over data and protect citizens’ privacy.”
Understanding challenges in data protection implementation
While data protection is on the agenda across industries, Aftab highlights that many companies face obstacles in its implementation.
He points out, “Organisations struggle with continuous monitoring and timely incident response. A shortage of skilled cybersecurity professionals, coupled with complex regulatory environments, exacerbates the issue.”
Some challenges stem from the need to balance business priorities.
“Striking the right balance between robust data protection measures and user convenience can be difficult,” says Aftab. “Furthermore, the high cost of advanced security solutions can be a deterrent.”
Another hurdle is integrating new technologies with legacy systems. “Adopting cutting-edge technologies while maintaining the functionality and security of older systems can be a complex task,” Aftab explains.
Lastly, there is often a lack of a security-focused culture. “Security is still often an afterthought in local business houses. Their investment in data protection controls is largely driven by enforcement of regulation (resulting in a tick-box approach of focusing on reporting while not addressing underlying issues) or a major security breach in the organisation.”
Low-hanging fruits
Organisations can begin with several high-impact, easily achievable measures.
“Companies should tighten identity and access management systems and processes, ensure timely software updates and patches, conduct regular security audits and vulnerability assessments, and establish clear data governance policies,” says Aftab.
He further emphasises the importance of training and awareness to help create a security-conscious culture and reduce human error. “Regularly train employees on cybersecurity best practices, and initiating cyber awareness for the board and leadership to integrate cybersecurity into the core business,” Aftab notes.
Data protection laws that CEOs and board members should be familiar with
Certain laws are crucial to ensure compliance and protect organisational data. Familiarity with these regulations helps to mitigate legal risks and build customer trust.
Aftab points out, “Key laws for familiarisation include the UAE’s Personal Data Protection Law (PDPL) and Qatar’s Personal Data Privacy Protection Law (PDPPL).” He further emphasises, “CEOs and board members should also stay updated on any amendments or new regulations. Understanding the implications of non-compliance is essential for strategic decision-making.”
As data security concerns grow, businesses across the Middle East are focusing on several critical areas, primarily within technology. Aftab notes: “Organisations are increasingly investing in identity and access management solutions, data loss
prevention (DLP) technologies to prevent unauthorised data transfers, and cloud security, endpoint protection, and advanced threat intelligence systems.”
Downsides of Gen AI adoption regarding data protection
While Gen AI can streamline operations, it also comes with a string of potential risks. In a region such as the Middle East, where data security is tied to both corporate competitiveness and national security, the stakes are high.
“Some of the risks,” Aftab points out, “include misuse of sensitive information, non-compliance of AI systems with data protection regulations, data breaches, and AI algorithms inadvertently introducing and exacerbating biases.”
It is important to remember that certain risks circle back to how organisations leverage Gen AI. “There must be accountability and transparency in AI decision-making processes,” Aftab says. “Companies must also address the ethical implications of Gen AI use.”
Reaching the “mature” stage of cybersecurity readiness
Cybersecurity readiness refers to an organisation’s ability to identify, prevent, and respond to cyber threats. It encompasses cybersecurity processes, technologies, culture, and policies. The more mature the stage of readiness, the better a company is able to prevent and mitigate cyber threats.
In the Middle East, most organisations have not yet reached the mature stage. Aftab points out the infrastructural and technological factors that contribute to this: “Critical factors include insufficient investment in cybersecurity infrastructure and the rapid pace of technological change outpacing security measures.”
A key component to building cyber resilience is fostering an ecosystem to share threat intelligence. “By collaborating with peers, industry groups, and government entities, companies can gain crucial insights into emerging threats, trends, and best practices,” says Aftab.
Another vital strategy is the creation of a disaster recovery plan. Aftab explains: “This plan should focus not only on data recovery but also on minimising operational downtime. In the fast-paced business environment of the Middle East, where continuity is critical, quick restoration of operations can reduce the impact of a cyber incident. Organisations should, furthermore, regularly test and update the plan. Equally important is the development of a robust incident response plan, which should detail roles and responsibilities, communication strategies, and procedures for identifying, containing, and mitigating potential breaches.”
On the technical side, Aftab says, “Implementing continuous monitoring is essential for early detection of potential vulnerabilities or breaches. In addition, adopting a zero-trust security model will reduce the risk of unauthorised access.”
The Middle East has introduced a diverse set of laws and frameworks for data protection, from the UAE’s Personal Data Protection Law (PDPL) to Qatar’s Personal Data Privacy Protection Law (PDPPL). Silverse is uniquely placed to help organisations comply with these laws.
“Silverse provides bespoke cybersecurity solutions, including regulatory compliance consulting and technical implementation, that align with regional laws,” explains Aftab. “With our proactive and innovative approach, which also incorporates automation, organisations can sprint ahead of emerging threats.”
There must be accountability and transparency in AI decision-making processes
However, culture and strategy also play a part. “A lack of cyberawareness, reactive rather than proactive approach to cybersecurity, absence of a comprehensive cybersecurity strategy, and limited collaboration between IT and business units also hinder cyber-readiness,” says Aftab.
He further says: “Our skilled cybersecurity practitioners have experience in working on large complex projects across geographies, and we boast a deep understanding of local market dynamics. This enables us to offer strategies tailored to specific regions and organisational goals.”
ACCELERATING INTELLIGENT INNOVATION
Ramprakash Ramamoorthy, Director of AI Research at ManageEngine, shares how the company is building IT-native AI models, scaling agentic capabilities, and navigating the complex intersection of privacy, bias, and business value in the age of generative AI
What are the major AI trends ManageEngine is currently focused on?
We’re concentrating on three key areas. First, we’re building bespoke, IT-native foundational AI models. While large language models like ChatGPT are widely used, their impact on IT operations is still minimal. We’re creating models tailored to IT contexts—ones that understand configuration changes, security incidents, and flow packets.
Second, we believe in right-sizing models. Not every problem requires a large LLM. Sometimes, a lightweight, explainable machine learning model does the job more efficiently. For example, translating user input to a database query might need a larger model, but for anomaly detection or forecasting, a smaller model is better. Third, we’ve launched agentic AI, where agents act as a bridge between structured IT data and LLMs. These agents are designed to
work within enterprise environments, and this year we’ll expand them with a low-code/no-code Agent Builder and a library of pre-built agents.
What powers these AI agents under the hood?
Two things: the models and the infrastructure. We’ve deployed over 80 algorithms—covering forecasting, anomaly detection, capacity planning, and more. These act as tools for agents to interact with and summarise incidents.
What excites me most is the acceleration of creativity and productivity. AI is becoming like mobile apps—once a novelty, now a necessity
On the infrastructure side, our agents are built on privacy-aware foundations. We’ve integrated them with our search platform, ensuring strict data boundaries. For instance, even if you and I work at the same company, your agent won’t be able to access my data. These privacy rules are hardcoded into the system.
How do you ensure that your agents continue to evolve and learn efficiently, while still respecting individual data privacy and boundaries?
That’s a crucial point. Each customer has their own isolated model instance. We start with a base open-source model, then deploy it separately for each environment. The model only learns from that customer’s data. There’s no cross-training or shared learning across environments. This respects privacy while still enabling meaningful evolution of the model in a controlled way.
Furthermore, unlike many companies that act as resellers for public cloud platforms, we operate our own data centres. We currently have 18 and continue to invest in more. This allows us to fully comply with evolving data sovereignty laws across different geographies.
Beyond agentic AI, what else is on your roadmap?
We’re doubling down on bespoke foundational models, especially for knowledge graphs. In IT, symptoms— like a slow website or noisy database alerts—don’t always reveal the root
Ramprakash Ramamoorthy, ManageEngine
cause. With knowledge graphs, we can trace how issues propagate across an IT stack and identify the real problem, like a misconfigured router. This kind of insight is beyond the reach of generalpurpose LLMs—it requires a deep understanding of infrastructure design and component interactions.
There’s a lot of hype around AI. What do you think is misunderstood and not being talked about enough?
The hype often outpaces reality. People fear AI will replace jobs, but in reality, it’s a productivity tool. A recent survey showed 80 percent of employees don’t disclose they use LLMs at work. That’s like telling people not to use Google Search in the 2000s. We need to normalise AI as a workplace tool. Privacy is another issue. Consumer-grade LLMs ingest massive public datasets, and people often paste sensitive enterprise data into these tools without understanding where it goes. We still don’t fully understand how these models store or retrieve that
information. Enterprises need to be extremely cautious about privacy and compliance.
From your personal perspective, what about AI excites you the most— and what concerns you the most? What concerns me most is bias. These models are trained on data that may already be skewed. A well-known example: no public model today can correctly generate an image of a lefthanded person writing, despite lefthanders like Barack Obama. Or take hiring—if you use AI to filter candidates, hidden biases could affect decisions without your knowledge. We need much greater awareness of these issues. What excites me most is the acceleration of creativity and productivity. AI is becoming like mobile apps—once a novelty, now a necessity. It will be integrated across every enterprise and consumer tool, helping us summarise, translate, and organise information. It won’t replace expertise, but it will amplify human ability, making 10 percent of your work 10x more effective.
cryptographic governance, Zero Trust strategies can fall apart, as compromised encryption keys or outdated algorithms provide attackers with a backdoor into supposedly secure environments. This is particularly relevant as organisations prepare for the transition to post-quantum cryptography (PQC), where quantum computing advancements could render current public key cryptographic methods obsolete. A unified cryptographic management platform ensures that organisations can seamlessly update cryptography standards and maintain security without major disruptions. By integrating crypto-agility within Zero Trust, enterprises can proactively manage their cryptographic assets, ensuring their security frameworks remain resilient, adaptable, and futureproof.
Moreover, cryptography plays a crucial role in supporting the fundamental pillars of Zero Trust. Continuous monitoring of cryptographic assets enables organisations to detect and mitigate risks before they become security incidents. Policy compliance ensures that cryptographic implementations adhere to industry standards and regulatory requirements, reducing exposure to compliance-related penalties. Encryption, a cornerstone of Zero Trust, safeguards data in transit and at rest, ensuring that even if a breach occurs, critical information remains protected. Finally, verifying the trustworthiness of users, devices, and workloads depends on digital identity and cryptographic credentials, reinforcing the integrity of authentication mechanisms.
Achieving crypto-agility
Effectively managing cryptographic infrastructure requires more than manual oversight. The complexity of modern security environments, coupled with the increasing volume of cryptographic assets, demands automation, centralised control, and intelligent monitoring. A unified cryptographic management platform streamlines these operations, providing organisations with a single pane of glass to oversee their cryptographic estate. Such a platform enables real-time tracking of digital certificates, automated renewal processes, proactive identification of vulnerabilities, and seamless enforcement of security policies. In the earlier stated example of the bank, their service outage due to an expired certificate could have been avoided with automated certificate lifecycle management (CLM), but traditional CLM consistently fails to stop outages, because it lacks the full network, filesystem and application visibility that a holistic cryptography management solution provides. By ensuring that all cryptographic assets are continuously monitored and automatically renewed, organisations can eliminate human error, avoid costly downtime, and prevent security breaches.
By centralising cryptographic management, organisations not only improve security but also enhance operational efficiency. Security teams can shift from reactive firefighting to proactive strategy, focusing on mitigating emerging threats rather than dealing with preventable outages or compliance failures. Additionally, ensuring cryptographic best practices are consistently applied across the enterprise simplifies regulatory compliance, reducing the risk of fines and legal repercussions. At a time when data protection laws are becoming more stringent, demonstrating a commitment to cryptographic security strengthens an organisation’s credibility and builds trust with customers, partners, and regulatory bodies.
A future forged in trust and agility
The future of cybersecurity will be shaped by the ability to adapt quickly to new challenges. Cryptographic agility, enabled by a unified management approach, provides the foundation for Zero Trust security in an era of rapid technological change. Organisations that embed crypto-agility into their Zero Trust strategies gain the ability to seamlessly transition to new cryptography standards, ensuring long-term resilience against both current and emerging threats. This is particularly crucial in the context of quantum computing, where the ability to replace vulnerable cryptographic algorithms without disrupting operations will be a defining factor in maintaining security integrity.
Ultimately, the effectiveness of Zero Trust depends on the strength of its cryptographic underpinnings. A security framework that fails to account for cryptographic governance is inherently incomplete. By recognising cryptography as an integral component of Zero Trust, organisations can build a security posture that is not only robust but also adaptable to the evolving cyber threat landscape.
Today, MSPs are at the forefront of enterprise strategy, supporting businesses in managing hybrid cloud environments, cybersecurity, and largescale digital initiatives
provided remote infrastructure management, ensuring that networks and systems remained operational. By the 2000s, the shift toward cloud computing and virtualisation expanded their role, as companies sought more flexible, scalable IT solutions. In the past decade, automation and AI-driven insights redefined managed services, making them more predictive and proactive rather than reactive. Today, MSPs are at the forefront of enterprise strategy, supporting businesses in managing hybrid cloud environments, cybersecurity, and large-scale digital initiatives.
The GSMA’s “Enterprise Opportunity 2024” report supports this premise, highlighting that the delivery of managed services has become a significant factor in enterprise strategy success. Operators are increasingly emphasising direct engagement with enterprise customers, with 72 percent of operators considering managed services crucial for enterprise strategy.
This transformation has been driven by necessity as businesses can no longer afford to treat IT as a support function. It is now a core enabler of agility, innovation, and long-term competitiveness. And connectivity and networks aren’t just the domain of telecom companies anymore. With MSPs, businesses finally have the freedom to take control of their own networks without the burden
of massive investments or rigid, one-size-fits-all solutions. It’s about striking the right balance with an open system that offers both ease of use and deep customisation. Companies get the flexibility to shape their networks around their unique needs, scaling and adapting as they grow. The real shift here is that businesses are no longer just consumers of connectivity; they’re active participants in how it contributes to their success.
Yet, the complexity of modern network and infrastucture environments means that enterprises cannot manage everything in-house. The challenge is no longer about just keeping systems running but about ensuring that IT infrastructures are secure, scalable, and aligned with business goals.
Modern MSPs are no longer just service providers; they are business enablers. The most advanced among them bring four critical elements to the table. First, technology innovation has become non-negotiable. Businesses no longer want generic services; they need tailored, scalable solutions that integrate cloud, edge computing, and cybersecurity into a seamless ecosystem. The right MSP ensures that IT infrastructure evolves in lockstep with business strategy, rather than becoming an operational bottleneck.
Second, expertise has never been more crucial. As technology landscapes grow more complex, enterprises depend on MSPs not just for execution but for strategic IT leadership. The best MSPs do more than manage systems; they provide insights, help businesses adopt new technologies, and ensure long-term resilience.
Third, partnerships have become a competitive advantage. No single provider can address every IT challenge alone. Today’s businesses demand an interconnected network of technology partners, where MSPs act as orchestrators, bringing together cloud providers, cybersecurity firms, and digital innovators to deliver holistic solutions.
Finally, trust and brand reputation have taken centre stage. Enterprises are entrusting their most valuable assets to MSPs including data, operations, and customer experiences. In an age where security breaches and IT failures can cause irreparable damage, the reliability and credibility of an MSP matter more than ever.
At e& UAE, we’ve built our managed services offering on a foundation of technological innovation, strategic partnerships, and a skilled workforce. Our approach goes beyond traditional IT management by delivering scalable and flexible solutions that align with our clients’ dynamic business needs. By integrating advanced technologies with expertdriven service, we help businesses navigate complex challenges and adapt seamlessly to new opportunities.
Looking ahead, the role of MSPs will only grow. The next wave of digital transformation will see enterprises shifting toward more intelligent, self-optimising IT environments, where predictive analytics, automation, and real-time decision-making become the norm. Businesses that recognise the true strategic value of MSPs, not just as IT vendors but as transformation enablers, will gain a critical edge in the years to come.
Moreover, MSPs are evolving into more than just service providers. Today, they are indispensable strategic partners, helping businesses bridge the gap between emerging technologies and operational success. As they continue to innovate, invest in human capital, and build stronger partnerships, MSPs will offer tailored solutions that allow businesses to navigate complexity, unlock new opportunities, and drive sustainable growth. The future of business is digital, and those who master network and infrastructure agility will lead. Ultimately, in this new era, MSPs are the driving force behind enterprise success.
GDF: Saudi Arabia’s digital transformation needs localised solutions. This investment isn’t just about expanding operations—it’s about designing, producing, and manufacturing technology solutions specifically for the Kingdom.
We are also prioritising talent development. Together with Alat, we have structured programs to cultivate a skilled workforce that can sustain and scale digital transformation efforts within Saudi Arabia.
AB: Lenovo has been on a journey to ‘localise the multinational.’ Even before our collaboration with Alat, we focused on establishing a local presence in Saudi Arabia.
A prime example is our partnership with Saudi-based startups like Novo Genomics, which utilises AI for genome analysis in healthcare. Another key collaboration is with Nybl Global, which specialises in smart city and industrial projects. These companies started locally,
but we have integrated them into our global partner ecosystem, helping them scale regionally and internationally.
What is Lenovo’s broader vision for the Middle East?
GDF: We aim to contribute to both society and our business. Our goal is to grow revenue and profit while also giving back to the communities we operate in.
We believe in ‘Smarter AI for All.’ This means democratising AI-driven solutions, ensuring accessibility for businesses of all sizes—from large enterprises to SMEs and public sector institutions. Among our key focus areas are sectors such as healthcare and education, where AI can drive significant innovation and impact.
Saudi Arabia’s transformation is generating excitement across the Middle East. Countries in the region see the value in our new manufacturing facility, which will
Lenovo has been on a journey to ‘localise the multinational.’ Even before our collaboration with Alat, we focused on establishing a local presence in Saudi Arabia
enhance supply chains, improve security, and offer better warranty and service delivery.
AB: The enthusiasm surrounding our Saudi initiative has extended beyond the Kingdom. Other markets are eager to align with this transformation.
Saudi Arabia is not just localising multinational companies—it is also globalising its own technology advancements. Our role is to help extend these innovations across the Middle East and Africa, reinforcing the Kingdom’s leadership in AI and digital infrastructure.
Q world / Shutterstock.com
Alaa Bawab, General Manager – META, Lenovo ISG)
ALAA BAWAB
LENOVO ISG
THE RISE OF x IOT SECURITY IN THE MIDDLE EAST
LBy Osama Alzoubi, Middle East & Africa Vice President, Phosphorus Cybersecurity
ate one night a couple of years ago, safety systems shut down unexpectedly at a large factory in Saudi Arabia. It was later revealed that harmful code was added to disable the safety controls. In another incident, a UAE-based organisation fell victim to a virus that erased data from tens of thousands of devices. These incidents show that hackers now target not just emails and servers but also the smart devices that run factories, hospitals, and more. Both these attacks originated from a common source, an unsecured IoT (Internet of Things) device.
But similar attacks aren’t limited to IoT devices. Any device connected to the Internet or a network is vulnerable, be it operational technology (OT), internet of medical things (IoMT), industrial IoT (IIoT), and supervisory control and data acquisition (SCADA). Extended Internet of Things (xIoT) is the blanket term we use to refers to these devices.
The unseen breach: Why xIoT security remains a step behind Look around any modern enterprise and you’ll find “smart” gadgets everywhere. In every corner, one finds networked cameras, printers, accesscontrol systems, badge readers, digital signage, and advanced building management systems. In a midsized financial institution with 2,000
staff members, the digital fabric may extend to as many as 20,000 IoTenabled endpoints.
Unfortunately, many businesses devote less focus to these devices than to conventional IT assets. While core laptops and servers are shielded with firewalls and antivirus tools, IoT gadgets often run on minimal memory, use default passwords, and go years without firmware updates. They become “orphans” on the network—unpatched, poorly configured, or overlooked in security planning.
Middle
East at risk: The growing threat of xIoT attacks
Digital transformation is accelerating across the Middle East, driven by xIoT devices at the heart of progress. According to a study by Charter Global more than 80 percent of business executives say IoT is critical to their operations.This is especially evident in Gulf nations, where strategies like Saudi Vision 2030 and UAE Centennial 2071 prioritise smart infrastructure and Industry 4.0. From oil refineries and power plants to hospitals and transport systems, everything is becoming interconnected.
An oil company may deploy thousands of sensors on pipelines, while hospitals use connected monitors and MRI machines. Cities like Dubai leverage IoT for traffic and lighting systems. Securing these
devices is now a matter of national security and public safety.
Across industries, compromised xIoT devices can lead to halted operations or disrupted care. In hightech environments, each employee may be surrounded by multiple IoT or OT devices. Left unprotected, these systems increase attack surfaces—making their security a core cybersecurity priority.
Government cybersecurity initiatives
Many Middle Eastern governments acknowledge these risks. The UAE formed a National Cybersecurity Council to unify its defences and released a National Policy for IoT Security. Dubai also introduced dedicated security regulations for Industrial Control Systems. Meanwhile, Saudi Arabia’s National Cybersecurity Authority (NCA) has rolled out OT requirements for industrial networks and recently issued IoT Cybersecurity Guidelines. Other countries—Qatar, Oman, Bahrain, Kuwait—are likewise strengthening their national cyber strategies, underlining that xIoT security is vital for both economic stability and public welfare.
Why traditional cybersecurity isn’t enough for xIoT
Conventional cybersecurity tools were designed for laptops and servers, not for specialised devices like door controllers or factory robots. Some industry solutions are now focusing on protocols unique to these devices. Rather than merely identifying vulnerabilities, they proactively secure them—resetting default passwords, deploying firmware updates, and continuously monitoring for suspicious activity.
In many modern enterprises, there can be up to thirteen IoT devices for every single traditional IT device. These come from a wide range of manufacturers—some organisations work with as many as 50 different IoT vendors. That combination of large numbers and multiple suppliers creates a scale and complexity challenge that passive or legacy security tools simply cannot handle. A
THE RISE OF THE ROC
By Mayuresh Ektare, VP of Product Management, Qualys
While the GCC continues on its trajectory of innovation and economic diversification, stakeholders are justifiably concerned about external factors destabilising their transformation efforts. Adoption of AI, the convergence of IT and OT, the mass migration to cloud and multicloud environments — all present risks, and risks must be managed. By one count, the United Arab Emirates (UAE) endured an average of 1,546 cyberattacks per organisation each week in the second quarter of last year, an 18 percent increase on the same period in 2023. The story is similar for its Gulf peers. How then do we protect our precious progress from the nefarious intentions of the threat actor?
Those entrusted with the defence of systems and data face many
challenges, but at their forefront is the mismatch in skills and resources between them and their adversaries. Security suites tend to be fragmented, which is reflected in a global average of more than 70 tools per organisation, each presiding over just one area — network, cloud, endpoints, and so on — with little data interplay. How are teams expected to whittle down the white noise to a manageable number of verifiable threats and mitigate harm efficiently? Considering the UAE average of more than 200 true attacks per day, this is a tall task for security teams, not to mention the volume of false positives that have to be eliminated.
Security teams are familiar with relying on an SOC for the correlation of security events to enable a coordinated incident response. However, I’d argue they will benefit
It is important to note that the ROC is more than an evolution of the security function. It is an evolution of the business
even more from information that includes the potential financial and operational impact of knowing their enterprise risk even before an incident happens, so as to be better prepared and one step ahead. There is that word again: “risk”. Organisations need to have a risk operations centre, or ROC, to manage decisions proactively
around risk. The ROC provides a unified risk approach where asset inventories and risk telemetry are combined with business context and threat intelligence to form a single-pane, real-time view of the environment that makes risk triage more straightforward and relevant to each organisation’s unique situation at any point in time.
Culture shift
It is important to note that the ROC is more than an evolution of the security function. It is an evolution of the business. Traditionally, security tools operate in silos — they assess the security of the assets they are protecting in isolation and as a consequence, the response to these signals is fragmented. These silos will have to be dismantled. Where we’re familiar with the attack surface, the ROC offers a central point that is cross-functional and designed to respond to changes in the “risk surface”.
The benefits of a dedicated ROC are plentiful. It gives birth to a new language that will allow for efficient communication of important information between finance, operations, HR, IT, and security. With everyone on the same page and with the same understanding of the biggest risks to the business, they can react more quickly and in lock step. Additionally, the presence of business context and the quantification of financial impact allows risk management to follow a path that aligns with broader business goals.
The SOC transformed incident response by bringing together data from different security tools. The ROC is going a step further by bringing in all the risk data — vulnerabilities, misconfigurations, policy violations — and overlaying it with threat intelligence and business context to make informed risk remediation decisions and transform the organisation’s proactive defence.
No more firefighting
The ROC fulfils a long-held wish to cut through the white noise of risk signals and zero in on true dangers.
Through a structured, repeatable process, the centre leaves behind frantic, unfocused firefighting and replaces it with data-driven, business-aligned decisions. Risk management is now strategic, with each step automated, streamlined, and thoroughly understood by all stakeholders. Of course, “automated” implies a unified platform, one powerful enough to collate risk signals from a diverse set of detection tools and identify the indicators of exposure at scale. It will consume real-time threat intelligence and prioritise risks based on business context rather than just technical severity.
The ROC will reach into multiple environments in search of risk. For that to happen, however, and for risk managers to be able to use the right data and business context for mitigation, they need an enterprise platform that can act as the control centre of the ROC and dole out the actionable insights needed to lower the organisation’s risk. The ROC platform amalgamates risk assessment, prioritisation, and remediation to create a comprehensive proactive security platform. It allows risk leaders to manage the environment deftly and accurately. It is capable of compiling and leveraging a unified asset inventory. It aggregates risk factors. It enriches the sum of its knowledge with up-to-date threat intelligence. It puts the business and its goals front and centre in every actionable insight, prioritising risks appropriately and orchestrating responses accordingly. And it ensures the utmost standards in compliance and executive reporting.
Leveraging uncertainty
Risk comes from uncertainty. The Risk Operations Centre breathes some surety back into the enterprise by providing operational oversight for risk reduction programs. While nobody can guarantee what the future holds, much less one that is risk-free, the ROC gives risk managers more control over uncertainty and the ability to mitigate harm.
THE NEW CYBER REALITY: PREPARE OR PAY THE PRICE
Sunil Paul, MD, Finesse, highlights why, amid the digital shift, cybersecurity strategies must plan for disruption — not just prevention
Once upon a time, thieves broke into homes, banks, or armoured trucks. Today, they breach servers, siphon digital assets, and manipulate cloud infrastructure. The battlefield has moved — from the physical to the digital — and the stakes have never been higher.
We’re no longer up against lone hackers or low-level threats. Nationstates, organised cybercrime networks, and adversaries who may know your tech environment better than your own team are leading the charge. The real question is: are we truly prepared for this digital battleground?
Earlier this year, Bybit — one of the world’s largest cryptocurrency exchanges — fell victim to the most significant digital heist in history. In just hours, hackers stole over $1.5 billion in Ethereum tokens. The attack was not a result of a simple
Cybersecurity should no longer be treated as a purely technical concern. It’s a human issue, a process issue, and a partnership issue
coding flaw but a sophisticated breach involving phishing, social engineering, and a compromised third-party service. The attackers found and exploited a weakness in the infrastructure of a multisignature wallet provider. From there, they accessed internal credentials, inserted malicious code
into transaction workflows, and eventually extracted funds from what many in the industry considered “the gold standard in crypto security” — a cold wallet.
The Bybit incident is a stark reminder that even the most robust systems can be undermined by human factors, supply chain weaknesses, and overlooked cloud configurations. Perhaps most importantly, it challenges our long-held assumptions: that cold wallets are invulnerable, that thirdparty integrations are safe, and that traditional security postures can withstand today’s adversaries.
And this isn’t just a crypto problem. It’s a wake-up call for every sector.
Cybersecurity should no longer be treated as a purely technical concern. It’s a human issue, a process issue, and a partnership issue. The most advanced firewalls won’t help if your team falls for a phishing email or if a vendor fails to protect their infrastructure.
Moreover, cyber resilience must become a core business strategy — not just an IT checklist. Organisations need to recognise that focusing solely on prevention is no longer enough. They must build the muscle memory to handle disruption, so they can adapt in real time, rather than scramble after the fact.
Which brings us to one of the most critical forums happening this year – GISEC GLOBAL. Set to take place next month, the event is a space where perspective meets purpose, and ambition turns into action. It brings together the sharpest minds across industries and governments to shape resilient strategies and drive meaningful progress in securing our digital future.
At a time when cyber risk is omnipresent, we need to stop asking if we’re prepared — and start proving that we are.
Under the High Patronage of His Majesty King Mohammed VI
Defining Africa’s Future with AI Impact
45,000
1,500
NOTHING: Phone (3a)
Nothing has launched its Phone (3a) and Phone (3a) Pro models, both featuring a 6.77-inch LTPO AMOLED display with a 120Hz refresh rate and peak brightness of 3000 nits. Powered by the Snapdragon 7s Gen 3 chipset, these devices offer up to 12GB RAM and 256GB storage.
The Phone (3a) includes a triple rear camera setup: a 50MP main sensor, a 50MP telephoto lens with 2x optical zoom, and an 8MP ultra-wide lens. The Pro variant upgrades the telephoto
lens to a 50MP periscope with 3x optical zoom and enhances the front camera to 50MP.
Both models are equipped with a 5000mAh battery supporting 50W wired charging. They run on Android 15 with Nothing OS 3.1 and are committed to three years of Android updates and six years of security patches.
A new feature, “Essential Space,” accessible via the “Essential Key” button, utilises AI to organise screenshots, voice memos, and photographs.
APPLE: iPad Air M3
Apple has released the seventh-generation iPad Air, available in 11-inch and 13-inch models. The device is powered by the Apple M3 chip, featuring an 8-core CPU, 9-core GPU, and a 16-core Neural Engine, providing improved performance over its predecessor. The iPad Air offers storage options of 128GB, 256GB, 512GB, and 1TB, all with 8GB of RAM. It runs on iPadOS 18.4 and supports Apple Intelligence features.
The 11-inch model has a Liquid Retina display with a resolution of 2360x1640 pixels and 500 nits brightness, while the 13-inch model offers 2732x2048 pixels and 600 nits brightness. Both models feature a 12MP rear camera and a 12MP front-facing camera with Center Stage support. Connectivity options include Wi-Fi 6E, Bluetooth 5.3, USB-C, and optional 5G. Battery life is estimated at up to 10 hours for web browsing or video playback.
The updated Magic Keyboard includes a larger trackpad and a 14-key function row. The iPad Air is compatible with the Apple Pencil Pro and Apple Pencil (USB-C).
LENOVO: ThinkPad X9 Aura Edition
Lenovo has debuted the ThinkPad X9 Aura Edition in the UAE, offering 14-inch and 15-inch models powered by Intel Core Ultra processors.
The laptops feature OLED displays with resolutions up to 2.8K, 100 percent DCI-P3 colour gamut, and Dolby Vision support. They come with up to 32GB of LPDDR5x RAM and 2TB of SSD storage. The design includes a haptic touchpad, omitting the traditional TrackPoint, and a
chassis made from 50 percent recycled aluminium.
Connectivity options include two Thunderbolt 4 ports, HDMI 2.1, and a headphone jack. The devices also offer AI-driven features like Smart Modes, Smart Share, and Smart Care.
Battery life is estimated at up to 15 hours for the 14-inch model and 14 hours for the 15inch model. The ThinkPad X9 Aura Edition is now available at select retailers in the UAE.
