


When your workplace is everywhere, security is everything
HP Wolf Security brings a host of advanced technologies to your endpoint cyber-defences, supporting HP and non-HP (OEM) PCs, and HP printers.
The most critical story of our time is cybersecurity. Not because it is new, but because it is necessary. It touches every institution, every economy, every individual. Governments are quietly targeted. Critical systems are breached.
Societies face threats they do not fully understand. Behind these incidents lies structure. A growing network of actors operating with intent and precision. Cybercrime is no longer a side issue. It is a core challenge to global stability, national governance, and personal freedom.
Much of the narrative remains surface level. But the deeper questions, of responsibility, resilience, and consequence, demand more attention.
That is why TECHx Media exists. Not to echo the noise, but to explore what others overlook. Not to promote, but to investigate. Cybersecurity is not just technical. It is institutional. It is political. It is human.
You can see the true picture of healthcare being under siege by zooming out from any hospital, clinic, or pharmacy.
In just the first half of 2025, cyber incidents exposed more than 500 million medical records worldwide. Furthermore, these are more than just numbers. Medical records are unchangeable, unlike passwords, and include everything from insurance information to diagnosis histories.
Nevertheless, the Middle East is at a pivotal moment. As cloud-based health records, AI diagnostics, and smart hospital deployments pick up speed, cybersecurity needs to be ingrained in the very fabric of healthcare transformation. This implies:
• Frameworks with zero trust for every access point.
• AI-powered surveillance to identify dangers quickly.
• Upskilling frontline staff, not just IT teams.
• Creating cross-sector public-private partnerships to protect national infrastructure.
In terms of healthcare innovation, this area is leading the way. Let's be careful not to omit the section about securing it.
EXECUTIVE BOARD MEMBER
We are TECH x Media, officially registered with the UAE's National Media Council. As a media platform dedicated to addressing the media and marketing needs of the tech ecosystem, we have built a strong reputation as a trusted partner for leading global vendors, distributors, government entities, and major global tech events. With a proven track record of providing comprehensive industry coverage, our team of seasoned professionals and tech journalists, boasting over 150 years of combined expertise, delivers the latest technology insights, backed by in-depth analysis and creativity.
Our hospitals and clinics are becoming high-value targets for increasingly skilled cybercriminals as they digitize more quickly than ever before. According to IBM's most recent Cost of a Data Breach Report, the average cost of a data breach in the healthcare sector is currently $7.42 million, making it the costliest industry.
It's more than just a financial gut punch. It is a life-or-death situation. We explore the aftermath of a breach this August, including where compromised health data ends up, how it is used, and what local healthcare executives can do to stay ahead. Even though ransomware and phishing are still frequently used strategies, threats driven by AI are now appearing more quickly. 13% of businesses worldwide reported breaches involving AI models or applications in 2025, the majority of which had insufficient access controls. Thus, cybersecurity is more than just a technical issue. The issue is one of human resilience. One that is ingrained in our lives.
How much does a cyberattack actually cost? Productivity and trust.
One thing is evident as we move into the end of 2025: cybersecurity has developed from an IT function to a full-fledged business enabler, and risk amplifier. Additionally, the effects are exacerbated in industries like healthcare.
Although breach costs are highest in the healthcare industry, there is a larger issue: AI-related breaches now add an average of $670,000 to the cost of an incident. Even worse, almost 40% of compromised companies have yet to fully implement AI-based solutions.
Despite automation, AI-based security solutions cut breach lifecycles by more than 100 days.
Being technologically sophisticated also entails being exposed to technology, as this month's issue of codeRED serves as a reminder. Not only should we safeguard our creations, but we should also make them future-proof.
CHIEF EXECUTIVE OFFICER
Editorial: +971 50 100 2275
Sales: +971 50 300 4450
Events: +971 50 700 7216
Marketing: +971 50 800 8341
General: info@techxmedia.com Editorial: editor@techxmedia.com
“This strategy is a turning point. It’s how we ensure every sector works together to protect our digital transformation and the progress we’ve made as a nation.”
As digital threats grow more sophisticated by the day, nations face a clear choice: react to attacks or build resilience from the ground up. The UAE has chosen the latter, not with slogans or surface-level solutions, but with a comprehensive and deeply integrated cybersecurity architecture that blends policy, military strategy, economic foresight, and human capital. Under the guidance of its leadership, the UAE has reframed cybersecurity as more than just a defensive play; it’s a pillar of national strength. Recent collaborations between the UAE Cyber Security Council (CSC), the Ministry of Defence, and the Department of Health (DoH) highlight this shift. They’re the working blueprint for a digital state built to withstand, adapt, and thrive.
At the core of the UAE’s digital defenses lies the National Cybersecurity Strategy, an interconnected framework resting on five core pillars: governance, protection, innovation, capability building, and partnership. And it’s working. The UAE now ranks among the global leaders in the ITU’s Global Cybersecurity Index, not by accident but through a deliberate alignment of policy, investment, and technical execution.
The UAE has turned its attention to the more complex, less visible frontlines: cyberspace.
The growing synergy between the CSC and the Ministry of Defence shows how deeply cyber readiness has been absorbed into military thinking. Cybersecurity is no longer a siloed IT concern; it’s doctrine. During the IDEX 2025 exhibition, a full-scale drill placed 22 defense-sector professionals into a simulated Advanced Persistent Threat (APT) ransomware attack scenario. The point wasn’t just to test tools; it was to pressure-test people. How quickly can responders isolate threats? How resilient is infrastructure under digital siege?
Cyberattacks on hospitals are no longer hypothetical, they’re happening, and the consequences are real. In response, the UAE’s Department of Health, Abu Dhabi (DoH) became the first health regulator in the region to develop a sector-specific cybersecurity strategy. It’s not a policy; it’s a full-spectrum defense plan.
Key milestones include:
• ADHICS v2.0: An updated regulatory framework that enforces encryption, multi-factor authentication, and structured response protocols across over 370 healthcare entities.
• “Healthcare Protective Shield” Drill: A realistic exercise simulating ransomware attacks and testing the emergency response capabilities of clinical staff, IT teams, and leadership. During the drill, the focus was on real-time decisions that could mean the difference between patient safety and system failure.
Dr. Al Kuwaiti summed it up with clarity: “Safeguarding patient data isn’t just a technical issue, it’s about maintaining trust, ensuring continuity of care, and protecting lives.”
Technology can be patched, infrastructure strengthened, but without evolving human behavior, everything collapses. That’s why the UAE prioritizes cybersecurity awareness and training across military, healthcare, and the public. During his visit to CSC headquarters, H.H. Sheikh Mansour bin Zayed Al Nahyan described cybersecurity as “a foundation for economic and social stability.”
The results: a defense force that treats cyber drills with the same seriousness as live combat exercises.
Major General Ali Mohamed Al Saridi of the Cyber Defence Directorate said it best: “Cybersecurity isn’t a separate system, it’s part of our national defense posture. It has to be unified, not just reactive.”
Technology can be patched. Infrastructure can be hardened. But if human behavior doesn’t evolve, everything else is a house of cards.
That’s why the UAE has placed just as much emphasis on cybersecurity awareness and training, from the military and healthcare sectors to the general public. H.H. Sheikh Mansour bin Zayed Al Nahyan recently visited the CSC headquarters and called cybersecurity “a foundation for economic and social stability.”
As the Kingdom of Saudi Arabia undertakes its most ambitious transformation in modern history under the Vision 2030 agenda, one priority has emerged as central to every other initiative: cybersecurity. While the world often views cybersecurity as a discrete technical challenge, Saudi Arabia is reframing it as a national capability, strategic, economic, and geopolitical.
At the core of this transformation is the National Cybersecurity Authority (NCA). Established by royal decree in 2017, the NCA oversees policy, enforcement, coordination, and cyber resilience efforts across all sectors. Musaed bin Mohammed Al Aiban, Chairman of the NCA’s Board, confidently articulated the Kingdom’s global positioning:
“This achievement… has contributed to strengthening national cybersecurity and technical sovereignty, localizing priority technologies, and enhancing information sharing and international cooperation.”
This isn’t about adding a security layer to digital growth. It’s about building cybersecurity into the core of national development, at the infrastructure level, in policymaking, and within its human capital strategy.
What is unfolding across Saudi Arabia isn’t a reactive defense posture. It’s a comprehensive ecosystem designed to support sovereignty, scale, and international influence.
At the center of this transformation is Vision 2030, the Kingdom’s long-range roadmap to diversify its economy beyond oil, embrace digital innovation, and establish global leadership in critical sectors like energy, finance, and artificial intelligence.
To operationalize this vision, Saudi Arabia established the National Cybersecurity Authority (NCA), a central regulatory and strategic body that defines and enforces the Kingdom’s cyber policies. The NCA works closely with other digital-first institutions like:
• SITE (Saudi Information Technology Company) – tasked with providing end-to-end cybersecurity solutions for public entities;
• SDAIA (Saudi Data and Artificial Intelligence Authority) – overseeing the governance of data and AI strategies across sectors.
Together, these entities have created sector-specific cybersecurity frameworks, incident response protocols, and risk evaluation methodologies. These frameworks are now mandatory across critical infrastructure operators, ensuring that cyber-readiness is not left to market discretion, but treated as a matter of national compliance.
In 2024, Saudi Arabia was awarded Tier 1 “Role Model” status in the UN’s Global Cybersecurity Index, recognizing its comprehensive legal, technical, organizational, and capacity-building frameworks. That same year, it ranked #1 globally in cybersecurity competitiveness in the IMD World Digital Competitiveness Report, ahead of long-established digital leaders.
Saudi Arabia’s cybersecurity ecosystem is not only structured, it is intelligent by design.
Cybersecurity plays an enabling role across all these domains. From smart cities like NEOM to digital health infrastructure, fintech regulation, and AI applications, the stakes of cybersecurity extend well beyond breach prevention. It’s now about maintaining national stability in a digitally interdependent economy.
As the country’s digital transformation has accelerated, so too has its cyber threat exposure. In response, the Kingdom is deploying AI-powered cyber defense systems capable of real-time monitoring, threat modeling, and predictive detection across massive data streams.
These platforms are integrated into government data centers, critical energy and logistics hubs, and the Kingdom’s burgeoning e-governance platforms. The goal isn’t merely to detect attacks but to pre-empt them, transforming the country’s cyber posture from reactive to anticipatory.
According to Arab News and CybersecAsia, Saudi Arabia’s cybersecurity spending reached SR 13.3 billion (approximately USD 3.55 billion) in 2023, representing an 11% increase from the previous year. These funds support:
• National-level security operations centers (SOCs)
• Penetration testing and red-teaming units
• Vulnerability assessment platforms
• End-user security awareness campaigns
This investment isn’t ad hoc. It is structured through multi-year programs, tied to both digital service expansion and geopolitical resilience.
For instance, the Kingdom’s smart city projects, including NEOM and the Red Sea Global developments, have built-in cyber defense architecture, co-designed with partners. These cities aren’t simply connected, they’re designed for cyber-resilience at scale.
Recognizing that cybersecurity is ultimately a human discipline, Saudi Arabia has invested heavily in education and workforce development.
The Saudi Cybersecurity Academy, established by the NCA, delivers training programs ranging from foundational cybersecurity literacy to advanced topics like threat intelligence, cloud defense, and secure software development. The Academy partners with global vendors and academic institutions to deliver world-class certifications and experiential learning programs, creating a steady supply of job-ready professionals.
The Academy’s reach is impressive: thousands of professionals have graduated and moved into government agencies, oil and gas firms, banks, and managed security service providers. The goal is not simply to staff a labor market, it’s to embed cybersecurity capability within every critical sector.
Further, the Kingdom is investing in K-12 cyber education, introducing cybersecurity as a track within high school curricula and encouraging university students to specialize in cyber disciplines. This aligns with broader ambitions to become a net exporter of cybersecurity talent within the Gulf region.
What makes Saudi Arabia’s cybersecurity model especially notable is its regional ambition.
The Kingdom is no longer focused solely on defending its own networks. It has begun positioning itself as a regional cybersecurity provider and influencer, offering advisory services, training programs, and shared infrastructure support to Gulf and African nations.
This includes joint cyber exercises with GCC allies, regional CERT (Computer Emergency Response Team) coordination, and even government-level consultations on cybersecurity governance and data protection policy.
At recent summits, and bilateral talks with the UAE, Egypt, and Bahrain, Saudi officials emphasized a collective defense posture, recognizing that cyber threats transcend borders and alliances will be essential.
In 2025, Saudi Arabia deepened its engagement with global cyber governance bodies, including the ITU, FIRST, WEF Centre for Cybersecurity, and private sector consortia working on cybercrime, critical infrastructure protection, and AI risk management.
Through this outreach, Saudi Arabia is not merely adopting global norms, it is helping shape them.
Minister of Communications & Information Technology
Egypt
In a world where national security is increasingly defined by firewalls instead of front lines, Egypt is investing not in missiles or metal, but in minds. While global cybersecurity conversations often orbit around quantum-ready infrastructure or zero-trust frameworks, Egypt is focused on something more foundational: its people.
The country is quietly, yet deliberately, building a cybersecurity army, and it’s doing so by treating education as infrastructure, as deterrence, and human capital as the frontline asset in defending a digital nation. This is not a metaphorical strategy. It’s a national doctrine. And it’s already in motion.
As Minister of Communications and Information Technology Amr Talaat put it at the CAISEC ’25 cybersecurity conference:
“Cybersecurity is no longer a technical function; it is a national priority ... human capital is the cornerstone of any effective cybersecurity strategy.”
Egypt’s National Cybersecurity Strategy 2023–2027, orchestrated by the Supreme Cybersecurity Council, marks a decisive pivot: cybersecurity is no longer a technical function housed in a government agency; it’s a pillar of national resilience.
The strategy doesn’t just speak in abstractions. It includes measurable commitments: modernizing legislative frameworks, upgrading infrastructure security, and perhaps most critically, creating a sustainable pipeline of homegrown cybersecurity professionals.
These are not supplemental training modules. They are the core competencies of a national digital defense force.
Recognizing that cyber resilience cannot be imported, the Ministry of Communications and Information Technology (MCIT) launched the National Cybersecurity Academy, with a goal of training 5,000 Egyptians in 2025 alone. But this isn’t general IT upskilling. The academy’s curriculum reads more like a defense playbook: ethical hacking, penetration testing, digital forensics, cloud security, and incident response.
What sets Egypt’s model apart isn’t just the scope, it’s the authenticity of its impact. The clearest indicators of success aren’t in state memos or press releases. They’re in the public reflections of the very students being trained.
That kind of language, rooted in civic duty rather than personal advancement, is the mark of a strategy that’s not only working, but resonating.
Ammar Yasser, another trainee from the Digital Egypt Pioneers Initiative (DEPI), posted about completing a wireless communications course. But more telling than the certificate was what it sparked: a newfound direction toward network engineering and a lifelong pursuit of cybersecurity.
And then there’s Ahmed Refaat, who shared his experiences deploying firewalls, analyzing threats, and building secure digital environments. These are not lightweight internship anecdotes, they’re indicators of hands-on operational readiness in real-world conditions.
Together, these stories form the fabric of Egypt’s cyber strategy: deeply personal, practically driven, and rooted in national service.
Egypt is not building this capacity in a vacuum. The strategy’s strength lies in its ability to scale globally while remaining rooted locally.
A headline partnership with Cisco, active through 2030, is expected to train a quarter of a million Egyptians in IT and cybersecurity competencies via the Cisco Networking Academy. That number isn’t aspirational, it’s contractual.
Beyond Cisco, Egypt has enlisted some of the most respected names in the global security landscape:
Google Cloud Security, Palo Alto Networks, F5, Trellix, Huawei Talents Academy, CyberX, and BARQ Systems. These aren’t just training partners. They bring with them access to industry-grade tools, real-time threat intelligence, and certification programs that are aligned with international standards.
This fusion of local ownership and global expertise ensures that Egypt’s talent isn’t just job-ready, it’s future-proof.
According to the MCIT, the 2024 figures speak volumes:
• 1,496 individuals were trained across 13 governorates, stretching from Cairo to lesser-served rural regions.
• Among these, 549 were school students, 654 were university students, and 293 were adults switching careers.
• Trainees represented 61 academic disciplines, illustrating the cross-sectoral reach of cybersecurity as a national priority.
This breadth matters. It signals that cybersecurity is no longer the sole domain of IT departments. It’s becoming a core skillset for the digital citizen, embedded into high schools, universities, and adult education programs alike.
Curricula covered everything from QR-code vulnerabilities to public Wi-Fi risks, social engineering techniques, and even VR-based cybersecurity simulations. Technologies that once seemed aspirational are now instructional.
And the training doesn’t stop in the classroom. Around 70 trainees participated in live projects with CyberX, while another 50 advanced into elite certification programs through Huawei’s Talent Academy. These aren’t simulations, they’re operational environments with real threats and real consequences.
Egypt’s approach to cybersecurity is not reactive, it is strategic and anticipatory. Most nations approach digital defense with a posture of containment.
Egypt, by contrast, is building capacity before the breach. And it’s doing so through education, civic inclusion, and strategic foresight.
The country has reframed cybersecurity not as a siloed technical specialty, but as a national imperative, one that spans classrooms, laboratories, ministries, and multinational partnerships. In doing so, it has shifted the entire cybersecurity conversation from “protection” to “preparedness.”
By embedding cybersecurity training into the very structure of public education and workforce development, Egypt is sending a clear signal: defense is everyone’s responsibility, and digital resilience begins at the grassroots.
The result? A model of governance where citizens aren’t just passive recipients of protection, but active participants in national security.
Egypt isn’t building a workforce. It’s building a doctrine, one where cybersecurity is as much about nationhood as it is about networks.
This is more than talent development. It is sovereignty by design, and the world would be wise to watch how Egypt is coding the future of national defense, one student, one credential, and one firewall at a time.
“I’m absolutely over the moon to have been recognized by the Minister of Communications and Information Technology …
This honor is more than a personal achievement; it’s a promise to keep contributing to a safer and more secure digital world.”
In June 2025, American Hospital Dubai found itself at the epicenter of a digital siege. The ransomware group known as Gunra claimed responsibility for a data breach that allegedly compromised over 450 million files. The hospital suspended outpatient services for three days, while forensic analysts scrambled to assess the scale of the damage. But as the headlines faded, a more insidious question emerged: what happens to all that stolen healthcare data once it’s outside the firewall?
Medical Records: The New Gold on the Dark Web
Healthcare records are one of the hottest commodities in the cybercrime marketplace. Unlike credit cards or bank logins, which can be frozen or changed, medical data is permanent. Blood types, mental health diagnoses, prescription histories, and ID details don’t expire. According to Imprivata, a single medical record can sell for up to $250 on underground forums, more than 40 times the value of a credit card number.
In the case of American Hospital Dubai, attackers reportedly exfiltrated data sets including Emirates ID numbers, medical scans, financial records, and patient histories. Even if a ransom is paid (and in this case, it’s unclear if it was), there’s no guarantee the data won’t resurface elsewhere. Ransomware gangs, particularly newer groups like Gunra, are known for double extortion tactics, encrypting files and simultaneously threatening to leak them. More often than not, data gets packaged, resold, and weaponized long after the breach is remediated.
The afterlife of stolen data is far from passive. Once dumped onto dark web forums or encrypted Telegram channels, this data often goes through a laundering process. Files are split into searchable “combo dumps,” repackaged as identity kits, or used to build high-trust phishing campaigns.
One alarming trend is the rise of “healthcare identity fraud”, where criminals use stolen medical records to access expensive procedures or file false insurance claims. This doesn’t just cost providers billions annually; it also leaves victims with corrupted medical records that can mislead future care. In some cases, victims have been denied insurance coverage due to fraudulent claims filed in their name.
Another danger: blackmail and extortion. Mental health records, STDs, or substance abuse treatment histories can become leverage points in personal extortion campaigns. The Finnish Vastaamo breach remains a sobering example, where therapy patients were contacted individually by attackers threatening to publish their private session notes.
The MENA Region: A Rapid Digital Shift with Growing Exposure
The Middle East and North Africa (MENA) is undergoing a digital transformation at breakneck speed. Countries like the UAE, Saudi Arabia, and Egypt are investing heavily in smart healthcare systems, e-health records, and telemedicine platforms. But with innovation comes exposure.
A 2024 Health-ISAC audit revealed that over 70% of healthcare providers in MENA still operate on pre-2015 IT infrastructure, a treasure trove for attackers. Outdated encryption, unpatched software, and weak credential management remain the norm.
Worse still, public awareness around healthcare cybersecurity is limited. Patients often reuse passwords across health apps, fail to update devices, or unknowingly authorize phishing links that mimic government health portals. According to the IEEE MENA SecTech Survey 2025, 63% of users in the region admit to reusing passwords across platforms.
Even if a victim changes their email or deletes their health app, the stolen data can linger online indefinitely. Threat actors are increasingly using this data for social engineering, particularly targeting high-net-worth individuals or political figures with healthcare ties.
Moreover, the risk of data poisoning, where cybercriminals alter medical records to cause harm, is growing. Research from the University of California (2023) found that hospitals hit by major cyberattacks saw a 21% spike in medical errors and delays, often caused by system downtime or record confusion.
The regulatory landscape is tightening. The UAE’s Federal Decree-Law No. 45 of 2021 mandates 72-hour breach notifications and heavy fines for noncompliance. Saudi Arabia’s National Cybersecurity Authority boasts 93% compliance in energy-related sectors. Egypt has activated its PDPA as of March 2025.
Still, enforcement gaps remain. Many small-to-mid-sized private hospitals fall below the radar, operating without robust audit trails or breach response plans. According to the GCC Health Ministers Council, only 41% of small-to-medium healthcare facilities comply with existing data sovereignty mandates.
Yes, technologies like AI-driven anomaly detection and zero-trust architecture are critical. Abu Dhabi’s Department of Government Enablement (ADGH), for example, cut incident response time by 78% after deploying AI-based tools. But without coordinated policy, training, and patient-centric protections, these tools only address part of the problem.
Saudi Arabia’s Cybersecurity Academy, which trained 24,000 professionals from 2023–2025, is a step in the right direction. So is the GCC Cyber Fusion Center, which shares over 2,100 threat indicators per month among member states. But regional experts warn that unless hospitals decommission outdated infrastructure and adopt unified response protocols, cybercriminals will continue to exploit the cracks.
The aftermath of a healthcare breach isn’t measured in downtime alone. It’s felt in the silent damage done to trust, dignity, and human wellbeing. A stolen diagnosis, an exposed prescription history, or a leaked mental health record can upend lives in ways firewalls can’t fix.
The American Hospital Dubai incident may soon be buried in the news cycle, but the stolen data could resurface at any time, in phishing lures, extortion emails, or fraudulent claims. And with every new breach, the burden of proof and protection increasingly falls on the patient, not the attacker.
Until cybersecurity becomes as integral to healthcare as patient care itself, the ghosts in the server will keep coming back.
I see IT not as a backend function, but as a strategic enabler of resilience, trust, and innovation, built to scale, built to comply, and built for what’s next.
What’s the most challenging IT infrastructure project you’ve led and how did you drive it to success?
One of the most challenging yet transformative initiatives I’ve led was the strategic design and implementation of high-availability data center and disaster recovery environments. The outcome: over 99.99% system uptime, a 60% reduction in incident recovery time, and a significant boost in operational resilience for critical middleware platforms and ERP systems. The entire architecture was designed using advanced clustering technologies and automated failover mechanisms to minimize outages and ensure business continuity.
The trigger for this project was the growing regulatory and operational risk posed by outdated infrastructure that lacked redundancy and real-time recovery. I was tasked with building a resilient backbone capable of supporting future growth, maintaining alignment with national mandates (e.g., NCA ECC, CMA), and satisfying board-level scrutiny. We modernized the full technology stack, backup, DR, network, database, and middleware, with business continuity embedded from day one. My team introduced real-time storage replication and database synchronization between primary and DR sites, eliminating manual recovery gaps. Crucially, we achieved this transformation without disrupting ongoing business operations, thanks to a phased migration plan, shadow operations, and comprehensive testing.
Having previously designed and implemented national-level DR solutions in the transportation sector, I applied that methodology to capital markets and financial services. We rebuilt the entire infrastructure stack for order management, asset management, CRM, and core databases, all with built-in HA, regulatory compliance, and seamless interoperability.
How do you ensure business continuity while staying compliant with ever-evolving regulations?
Ensuring uninterrupted operations in a highly regulated environment requires aligning infrastructure resilience with evolving compliance mandates. My approach integrates cybersecurity and regulatory adherence into all IT operations, right from strategic planning to execution. At a time when NCA, CMA, and SAMA regulations were rapidly maturing, I was responsible for transforming the IT landscape to guarantee continuity, reduce systemic risk, and ensure board and audit alignment. The organization could not afford disruptions, delays, or noncompliance.
I developed and executed a business continuity framework with five pillars:
• Deployment of full DR environments for critical systems in transportation, financial services, and capital markets.
• Implementation of real-time storage replication, database sync, and automated failover, achieving our RPO/RTO goals.
• Integration of compliance controls within the project lifecycle, including DevSecOps and audit checkpoints.
• Design of policies, DR strategies, and training plans to build team readiness across IT and cybersecurity.
• Establishment of IT and cybersecurity governance committees reporting directly to Audit and BCM Committees.
This strategy delivered tangible outcomes: zero audit findings related to continuity, 99.99% uptime, and a 50% reduction in regulatory-related project delays. By partnering early with cybersecurity GRC, we proactively addressed compliance during planning, turning regulation from a blocker into a business enabler.
How have you handled legacy system migrations without disrupting business operations?
In one critical engagement, the organization faced operational and cost inefficiencies due to legacy systems running on outdated hardware and fragmented infrastructure. My mandate was to modernize without disrupting daily operations, a challenge compounded by regulatory sensitivity and tight timelines.
I led the end-to-end migration of multiple legacy workloads, including ERP modernization, physical-to-virtual migrations, and replatforming middleware components. These were mission-critical systems powering business transactions, messaging, and core financial operations.
My approach relied on building a dual-run transition framework: legacy and new systems operated in parallel with synchronized data pipelines. I worked closely with developers, system engineers, and DBAs to refactor configurations and optimize performance post-migration. We conducted full business-impact assessments, rollback simulations, and stakeholder alignment workshops. The result was a zero-downtime migration, a 30% reduction in hardware costs, and significant gains in agility, monitoring, and compliance readiness, all while maintaining uninterrupted service delivery.
What’s your approach to optimizing virtualization technology to cut costs without cutting corners?
Virtualization, when executed strategically, becomes a lever for operational efficiency, scalability, and resilience. In one of my most impactful initiatives, I consolidated the organization’s scattered workloads into a fully virtualized environment with built-in HA and DR capabilities.
Facing budget constraints and capacity limitations, I restructured the virtualization architecture around scalable clusters, dynamic resource allocation, and policy-based automation. This included storage optimization, VM lifecycle management, and backup integration.
Beyond infrastructure, I worked with finance and procurement to realign licensing models and consolidate underutilized assets, cutting CAPEX and OPEX significantly. Training plans and knowledge transfer ensured the internal team could operate the environment without dependency on external consultants.
The initiative delivered a 40% reduction in infrastructure costs, increased provisioning speed by 60%, and improved system uptime. More importantly, it supported long-term scalability for digital growth and emerging workloads like containerization.
Share a time you resolved a critical system failure
During my tenure overseeing infrastructure and cybersecurity, we encountered a performance degradation in our production environment. Business units were impacted, and root cause analysis pointed toward misaligned DB parameters and suboptimal storage configurations.
What made this case unique was that existing monitoring tools failed to flag it in time.
Drawing on my earlier experience leading OS and infrastructure teams, I conducted a manual technical review, isolating the issue before external support could even escalate.
I collaborated with the platform vendor to reconfigure the DB kernel parameters, redesign the storage I/O path, and implement real-time health checks. The fix not only restored performance but also reduced query latency by 70%.
The incident reinforced the value of deep domain knowledge, cross-functional collaboration, and proactive architectural reviews. We later turned this experience into a resilience playbook and incorporated the learnings into future system builds.
How do you balance long-term infrastructure planning with the need for quick, agile solutions?
Balancing strategic vision with tactical agility starts with aligning both to business priorities. I’ve always anchored infrastructure planning to measurable business outcomes: uptime, customer satisfaction, regulatory compliance, and financial ROI.
When leading large-scale initiatives like building cloud-first DR strategies or deploying hybrid infrastructure for brokerage systems, I employed a dual-track model: long-term architectural roadmap paired with quick-win deliverables.
For example, we adopted a Build-Operate-Transfer (BOT) model with our service providers: phase one involved expert-led implementation, phase two included shadowing by internal teams, and phase three shifted full ownership in-house.
At the same time, all projects were structured with agile governance: sprint-based milestones, change control gates, and early regulatory engagement. This hybrid approach improved delivery speed by over 40% while keeping long-term objectives intact.
What tools or practices have been game-changers for ensuring uptime and system performance?
Ensuring consistent uptime and optimal performance requires a multilayered approach: process, tooling, and talent. Across engagements, the following have proven instrumental:
• Advanced infrastructure monitoring with predictive alerting
• Storage replication and DB synchronization across DC and DR for business continuity
• Proactive maintenance windows aligned with change calendars and monitored with synthetic testing tools
• Redundant ISP and cross-site communication links to avoid single points of failure
• KPIs and dashboards shared with executive leadership to maintain visibility and alignment
We also invested in 7/24 SOC & NOC services and enabled cross-training between infrastructure and application teams. This significantly improved mean time to detect (MTTD) and resolve (MTTR) incidents and ensured 99.99%+ uptime across critical services.
When rolling out a new system, how do you get different teams on board without causing chaos?
Successful rollout starts with stakeholder alignment and ends with empowered internal ownership. I’ve institutionalized a structured onboarding model for every major system rollout, grounded in three principles: early engagement, clear RACI, and ownership transition.
From day one, I ensure that cybersecurity, IT ops, application owners, and business stakeholders are involved. This allows us to embed compliance, performance, and security into the design—not as an afterthought.
Every rollout includes:
• Training and knowledge transfer embedded in the project plan
• RACI models for accountability clarity
• Service provider shadowing (BOT model) that transitions to internal ownership post-handover
• Hypercare phase with real-time SLA monitoring and escalation playbooks
This approach consistently results in smooth transitions, higher team engagement, and faster time-to-value. It also ensures that new technology doesn’t just get implemented, it gets adopted, secured, and operationalized effectively.
For 25 years, Forescout has been at the forefront of network security innovation, pioneering Network Access Control when enterprises first grappled with securing unknown devices connecting to their networks. Our network security expertise uniquely positions us to address today’s most critical challenge: protecting the infrastructure that powers modern society. From power grids that light our cities to medical devices that save lives, from air traffic control systems to water treatment facilities – every system is connected.
The cybersecurity landscape has reached an inflection point that our network security heritage prepared us to address. Legacy security models focused on the perimeter are insufficient for today’s hyperconnected, cyber-physical world. Our deep understanding of network behavior, device identification, and access control provides the foundation for securing these mission-critical environments for many years to come.
Critical infrastructure encompasses the vast interconnected web of systems underpinning modern society. When hospital medical devices are compromised, patients’ lives are at risk. When airport operational technology is breached, thousands of travelers are stranded. When electric utility control systems are infiltrated, entire regions lose power.
The numbers are stark: our 2024 Threat Report recorded 900 million attacks – a 114% increase from 2023’s 420 million attacks. Most alarming, attacks on critical infrastructure rose by 668% from 2022 to 2024. In 2024, 57% of all incidents targeted critical infrastructure sectors, including energy, oil and gas, electric and water utilities, airports, and hospitals.
The challenge lies in domain convergence. Today’s critical infrastructure operates across information technology (IT), operational technology (OT), Internet of Things (IoT), and Internet of Medical Things (IoMT) environments. Each domain has distinct security requirements, protocols, and risk profiles – yet they’re increasingly interdependent.
The fundamental challenge is getting complete visibility into what needs protection. In conversations with CISOs across industries, one theme emerges consistently: you cannot protect what you cannot see.
Traditional security approaches focus on managed devices – laptops, servers, and network equipment that IT departments purchase, configure, and maintain. But unmanaged devices far outnumber managed ones today. Industrial control systems run operating systems that no longer exist alongside new IoT sensors deployed across facilities.
In healthcare environments, a single hospital might have thousands of connected medical devices – MRI machines, infusion pumps, patient monitors, ventilators. Many run on legacy operating systems, have hardcoded credentials, and weren’t designed with cybersecurity in mind. Yet they’re now network-connected and often internet-accessible.
Forescout’s journey began with Network Access Control (NAC), and we’ve evolved this foundation into something far more powerful. Today’s next-generation NAC is part of a holistic, data-centric framework that reduces attack surfaces and aligns with modern cybersecurity best practices. By leveraging synergies between NAC, network security, and Zero Trust principles, our platform enables comprehensive security strategies that are effective and operationally efficient across IT, OT, IoT, and IoMT environments.
Zero Trust fundamentally shifts the security paradigm from “trust but verify” to “never trust, always verify” – particularly relevant where network security assumptions can have catastrophic consequences. This evolution from traditional NAC to Zero Trust-enabled asset intelligence reflects how security solutions must adapt as threats evolve.
At Forescout, we’ve pioneered comprehensive asset intelligence – the only automated cybersecurity approach that continuously identifies, protects and ensures the compliance of all managed and unmanaged assets – IT, IoT, IoMT and OT. This transcends inventory management, creating a living, breathing understanding of every connected device. Our approach rests on four dimensional principles:
Discover: Thirty-plus discovery methods, over 180 integrations, and APIs provide real-time asset discovery and inventory across all device types, mapped to the Purdue model. The platform detects assets and maintains accurate, contextual records throughout their lifetime, tracking lifecycle events from purchase to decommissioning.
Assess: Assessment capabilities show risks in context, correlating multiple datapoints across heterogeneous environments and prioritizing based on risk scoring and impact. Advanced vulnerability detection uncovers unpatched assets using Forescout’s curated database enriched with Exploit Prediction Scoring System (EPSS), CISA’s KEV, and Forescout’s Vedere Labs Research KEVs.
Control: Automated asset compliance checking and remediation includes quarantining, traffic blocking, and coordinated responses. Advanced threat detection uses deep packet inspection, event analysis, and Vedere Labs threat intelligence to trigger automated policy enforcement that contains threats and resolves violations.
Govern: Centralized enforcement of security policies ensures operational consistency and organizational governance at scale. Unified policy management across critical decision points enables enterprise-wide compliance, role-based access, and zero trust segmentation without disrupting operations, and the ability to report on it over time, not just at a point in time.
This comprehensive approach is particularly critical for operational technology (OT) – hardware and software monitoring. Today’s competitive pressures force organizations to connect OT environments to IT networks, enabling remote monitoring, predictive maintenance, and data analytics.
This convergence creates unique security challenges. OT systems are only down for a short window once or twice a year, creating a significant gap between when a patch is released and when it can be installed. What’s more, they may run on unsupported legacy operating systems operated by teams lacking deep cybersecurity expertise.
Our global footprint extends across six continents, with more than 1,000 of the world’s most secure enterprises and military installations across 37 countries.
Our regional presence provides unique insights into diverse cybersecurity challenges. In the Middle East and Africa, we’ve established regional headquarters in Dubai, serving organizations across energy-rich nations where OT security is paramount. In Asia Pacific, we established headquarters in Singapore and created a customer support center in Pune, India. From Singapore’s smart nation initiatives to India’s digital infrastructure expansion, from Japan’s industrial automation to Australia’s critical resource sectors, the region presents diverse challenges requiring deep local understanding with global platform capabilities.
The threat landscape facing critical infrastructure will continue evolving. Nation-state actors, such as Volt Typhoon and others, have become more sophisticated, cybercriminal groups increasingly focus on high-value targets, and attack surfaces expand as more devices connect and systems become interdependent.
Organizations most resilient in this environment embrace comprehensive asset intelligence as a core capability. They recognize security isn’t just about having the right tools – it’s about complete visibility into what needs protection, understanding every connected device’s risk profile, and responding quickly to emerging threats.
We envision a world where every cyber asset is seen, secure and compliant. This vision is achievable with the right approach, technology, and commitment to cybersecurity excellence.
The stakes couldn’t be higher. Modern infrastructure depends on our ability to see the invisible, secure the unsecured, and protect systems that protect us all. Critical infrastructure security’s future lies in comprehensive asset intelligence, and the time to act is now.
Executive Advisor
Group Digital Governance and Transformation ADNOC Group
You’ve led complex digital transformations, what’s your framework for aligning digital innovation with long-term business objectives in highly regulated or operationally intensive industries?
Having worked with organizations within regulated industries like banks or government, I generally use a framework that aligns digital innovation with long term organizational strategy, while also maintaining the required compliance levels, operational efficiency and service excellence. The framework I use is based on five phases which are interconnected to each other.
Align with organization goals and regulatory dictates
Aligning each IT initiative or program with both organizational goals and the extended ecosystem, like the UAE Digital Government Strategy or UAE Central Bank directives for financial sectors.
In a government organization, this would mean enabling faster government services, improving citizen’s or resident’s experience or integrating with federal systems. In the banking industry, it would mean aligning with customer-centric transformational experience and open banking, while also adhering to UAE Central Bank mandates. In a nutshell, digital initiatives are never in isolation; they are directly mapped to business outcomes and public or customer service mandates.
In both industries, I tend to integrate every digital initiative into core business operations as a business transformation enabler. This would result in redesigning the entire IT-enabled business services or integrating real-time compliance into banking systems. For execution, I apply agile delivery frameworks which have stakeholder check-ins to ensure alignment at every sprint.
Both banking and government organizations operate under high regulatory scrutiny. I embed a robust GRC model that includes compliance, legal, risk, IT and business stakeholders. Whether it’s launching digital KYC in banking or automating government services workflows, governance ensures that innovation adheres to standards like ISO 27001, PCI DSS, UAEIA or AML/CTF frameworks.
I conduct a capability maturity assessment covering services automation, customer experience, cybersecurity and data management. In banking, this might result in a need for API optimization or cloud-native infrastructure. In the government sector, the assessment might result in identifying the need for smart service orchestration or paperless compliance. Prioritization of these identified improvement initiatives is done using a matrix covering impact, benefits and risks.
I track and measure the success continuously for all the transformation initiatives. I establish KPIs like customer satisfaction (CSAT), process digitization score and adherence to SLAs. Regular feedback loops from stakeholders, customers, regulators and internal employees feed into ongoing service improvements. In a nutshell, this framework will assure that digital transformation will meet compliance and operational needs in alignment with the strategic goals and stakeholder trust, and deliver value to the organization.
From an enterprise buyer’s perspective, what makes a technology vendor stand out during both pre-sales and post-deployment phases?
Selling is not just talking about the features of the product but articulating how those product features would help me address the business’s problem statement. I appreciate vendors who take time to understand our business context and showcase tailored demos/presentations with the right SMEs. A generic demo/presentation, or boasting about their product or services just because a peer organization has implemented them, makes no sense. A vendor needs to understand that not every organization is the same; they have different operating models and business challenges. The goal should be to address those specific business challenges. Also important to me is the vendor’s transparency in terms of product/services limitations, pricing models, implementation approach and related constraints, change management challenges, and flexibility; these are key.
For me, a vendor is a ‘partner’ and not just a supplier. A partner is always a part of the organization in addressing the business challenges. They ensure a smooth change management process, proactively address issues and offer local support with technically qualified teams. A standout vendor doesn’t just hand over documentation as part of the knowledge transfer; they co-create success metrics with us and remain accountable through SLAs, post-implementation reviews or continuous optimization workshops.
What makes the difference is when a vendor invests in our success as much as in their own by being committed to ongoing value realization rather than one-off delivery. It’s not about being transactional.
How do you see cybersecurity governance evolving with the rapid adoption of AI, and what foundational elements should organizations have in place today?
With the rapid adoption of AI, cybersecurity governance is evolving from being a static, control-based approach to one that is more integrated, intelligent, and continuous.
AI introduces new risks like data poisoning, model manipulation and non-transparent decision-making. The traditional governance frameworks are not designed to handle such risks. Hence, organizations need to amend and expand their policies to address AI-related threats by aligning with frameworks like NIST AI RMF or ISO 42001.
Foundational elements that should be in place today include a clear AI governance policy, end to end data and model traceability, integration of AI risks into cybersecurity programs and embedding security throughout the AI lifecycle. Cybersecurity governance must adapt to ensure AI adoption is both secure and aligned with ethical and regulatory expectations.
You’ve worked hands-on with GRC and compliance frameworks. What advice would you give to organizations struggling to move from manual processes to automated, scalable GRC systems?
Having worked hands-on with GRC solutions and compliance frameworks across different industries, my advice to organizations struggling with the shift from manual to automated, scalable GRC systems is to start small but strategically.
One of the most common risks is trying to automate everything at once without a clear understanding of current challenges and priorities. I recommend first conducting a maturity assessment to identify high-impact, high-operational-overhead manual areas like risk assessments, policy management or control testing which can benefit most from GRC automation. Based on this, align your GRC automation roadmap with business objectives and regulatory drivers.
It is also important to select a platform that offers flexibility, scalability and integration with existing systems like audit, risk, compliance, incident response, etc.
In your experience, how can vendors better align their roadmaps and solutions to the operational realities and constraints of large enterprises?
Understanding the context of the organization is key. I have seen several organizations facing complex operational constraints ranging from operational liabilities of legacy systems, adherence to regulatory compliance requirements and most importantly the change management challenges. As I mentioned earlier, vendors must act as a ‘partner’ and invest in understanding the context of the organization rather than pushing a one-size-fits-all solution.
In my opinion, they should involve stakeholders early in roadmap discussions, prioritize integration capabilities rather than pushing isolated innovation, and design solutions that are modular, configurable and easy to use. Transparency in terms of their support model, security posture and licensing model is key for organizations to manage their cash flows and project finances.
Vendors who act as strategic partners adapting their roadmaps to enterprise maturity and business timeline would build stronger and more trusted relationships.
What metrics do you believe are most telling when measuring the success of enterprise-wide digital or cybersecurity initiatives?
The most important metrics are those that highlight whether the initiative has delivered measurable business value while reducing risk and whether it has been trusted by the stakeholders.
To measure the success of transformative initiatives, I focus on metrics that reflect business value, risk reduction and are trusted by stakeholders.
For cybersecurity, key indicators include mean time to detect and respond (MTTD/ MTTR), closure rates of critical vulnerabilities, compliance scores or user awareness metrics, etc.
On the digital transformation initiatives, I generally look at adoption rates, improved process efficiency, customer satisfaction, ROI against business KPIs, etc.
What do you believe will define the next frontier in enterprise cyber resilience, and how should organizations prepare now?
AI and emerging technologies are already here. The next frontier in cyber resilience will be defined by an organization’s ability to anticipate, adapt to and recover from threats emerging from AI and other advanced technologies like IoT, Blockchain, Robotics, Quantum computing, etc.
This will require a shift from reactive security to intelligence-led, automated and business integrated resilience structure. Organizations should prepare now by investing in real-time threat intelligence, automated response capabilities and cyber-risk quantification tied to business impact.
Technology aside, how do you build a culture where cybersecurity is everyone’s responsibility, from IT teams to business units?
Building a cyber-aware culture starts with clear executive sponsorship and messaging that frames security as a business enabler and not just limiting it to IT responsibility. I focus on embedding cybersecurity into daily operations through role-based awareness programs, scenario-based training, and regular communication that ties risks to real-world outcomes.
I also believe recognizing and rewarding secure behaviors, involving business units in risk assessments and aligning policies with operational realities helps foster ownership. If you can make employees understand how their actions impact the organization’s resilience and are empowered with the right knowledge, cybersecurity becomes a shared, sustained responsibility of everyone within the organization.
MOREY J. HABER
Chief
A modern organization carries with it so much IT complexity that cyber-threat actors no longer favor traditional hacking; they prefer to log in. This makes identities the primary attack vector for our digital adversaries, which means we must give the protection of credentials and secrets equal priority to that of vulnerabilities and patch management.
A report from June 2024 claimed 99% of UAE-based organizations experienced “two or more identity-related breaches” in the preceding year. Organizations can no longer ignore the need for identity security in the face of an increasingly sophisticated threat landscape. A risk-management approach to identity and access-management solutions will be critical if enterprises are to take control of the entire life-cycle of identity tools and their cross-vendor integration. This methodology can uncover flaws buried within workflows and solutions that have been in production for years. If these legacy problems persist in the current threat climate, it may only be a matter of time before a breach occurs. We now have to consider identity security as a part of our everyday operations.
In establishing stronger identity security and management, it is advisable to account for the most common errors first. Consider the top five of them:
Identity in the digital realm can apply to either a human or a machine, each with an account through which they own that identity. Humans may have multiple accounts, but for machine identities, a human should always be assigned as the owner. Machine identities include all accounts used for integrations, service accounts, and other machine-to-machine communication. Any operation or session requiring authentication should be covered by identity management.
A common mistake is failing to include machine account ownership as something to be monitored and managed. In many cases, the owners of service accounts, cloud-based secrets, or integration credentials are not documented, so the business is unaware of them. Unmanaged and unmonitored, these accounts can cause delays in response when events occur. This risk can be mitigated by recording an owner for every machine identity and regularly reviewing these records for accuracy — especially in dynamic environments with regular changes in personnel and technology.
Every account associated with an identity is granted entitlements that can range from email, storage, and Internet access all the way up to administrator privileges, held by the custodians of the organization’s most sensitive information. It is not uncommon to find the highest-level privileges assigned, for convenience only, to those who do not need them, which expands the risk surface substantially. Many breaches start with the targeting of junior employees. For threat actors, lateral movement is easier if they find the privileges they need without the need to find a vehicle for privilege escalation.
The principle of least privilege calls for IT administrators to assign only the privileges an account’s owner needs to perform assigned functions. This eliminates overprivileged accounts and shrinks the risk surface by ensuring threat actors are less likely to obtain high-level credentials on the first account they hijack.
Any information not widely disclosed that provides authentication is known as a secret. These can be everything from a password to an API key. Their storage, reference, and retrieval must be highly secure to prevent threat actors from compromising them. Common errors in secret storage include using unencrypted spreadsheets or text files, or even browser-based password managers. All these methods have their weaknesses and should be avoided. It is recommended to use a secure password or secrets-storage solution, and strictly manage access to it. Additionally, it is recommended that the storage solution itself be periodically tested for vulnerabilities.
To complement secrets, extra confidence in the identity-account relationship can be provided through multifactor authentication. While it is important for organizations to remember that many MFA solutions are flawed (SMS attacks, MFA fatigue, etc.), it is also true that any multifactor authentication is better than none. All human identities should have multifactor authentication implemented for each account they own, and it should also be in place for all access requests, including any escalation-of-privilege requests.
Many UAE organizations have established flexible working practices that allow employees to access corporate systems remotely. This access commonly extends to contractors, vendors and other user types, regardless of geolocation. The range of cloud services available through remote access is expanding every day, which presents a challenge to those tasked with providing enterprise-wide identity security. This is because each of these services requires some level of access to sensitive data, which means an associated identity must be managed.
Organizations must make sure they secure all remote access channels using industry best practices. They must also avoid using remote access technologies like RDP, SSH and FTP. RDP (Remote Desktop Protocol) and SSH (Secure Shell) do not adequately guard against simple brute-force attacks or credential stuffing and FTP (File Transfer Protocol) lacks encryption, leaving it open to eavesdropping and man-in-the-middle attacks. While these solutions can be used more securely with careful configuration, a more secure approach is to implement dedicated technology that is designed around the prevention of identity-based attacks.
Perimeter security has become almost obsolete. Firewalls and other intrusion prevention systems are being replaced by solutions that mitigate modern attack vectors – identities. We live much of our lives in and around our digital identity and each of us has several accounts tied to it. Meanwhile, machine identities need ownership to allow their usage and maintenance to be appropriately monitored. But both human and machine identities, while indispensable, represent points of weakness if the right identity security controls are not in place.
Part of the maturity of any security model should be the mitigation of the common errors discussed here. The world has become irreversibly connected and our digital identities are part of that fabric. To protect them is to protect ourselves, our businesses, and our economies.
On a July morning, the backbone of global tech distribution wobbled.
Ingram Micro, a company that connects cloud platforms, hardware manufacturers, and tens of thousands of business customers across more than 160 countries, disclosed that ransomware had breached its internal systems. And while operations continued in some form, the event sent ripples across the technology supply chain.
The attack wasn’t just an IT issue. It was a moment of disruption for a vast and highly interconnected ecosystem, and a stark reminder that digital supply chains are only as strong as their most exposed endpoint.
In an official statement, Ingram Micro confirmed that it had “recently identified ransomware on certain of its internal systems.” Without naming the threat actor or specifying the extent of the attack, the company stated that it immediately initiated containment protocols, took key systems offline, and engaged leading third-party cybersecurity experts. Law enforcement was also notified.
“The Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures,” the statement read.
While the exact vector of entry has not been disclosed, industry sources suggest the ransomware group SafePay may have been behind the attack, an emerging, technically sophisticated group that has gained notoriety in 2025 for targeting high-availability service platforms and exploiting VPN vulnerabilities and weak lateral segmentation.
Ingram Micro’s operations are central to the global IT supply chain. Its Xvantage™ platform offers real-time order processing, subscription cloud licensing, billing automation, and personalized procurement—think Amazon-level e-commerce sophistication, but for enterprise tech.
An outage here isn’t just an internal hiccup. It potentially halts procurement cycles, disrupts product fulfillment timelines, and creates downstream issues for managed service providers (MSPs), resellers, and even OEMs that depend on just-in-time inventory.
For several days in early July, users across key markets, including North America, Europe, and parts of Asia, reported intermittent access to ordering systems, account portals, and shipment tracking. Some partners described the issue as a “total blackout,” while others saw service resume regionally as recovery unfolded in phases. Despite the disruption, Ingram has projected cautious confidence in its ability to restore systems. Still, the full extent of the outage's financial and reputational impact remains to be seen.
Ingram Micro is responsible for the distribution of more than $50 billion worth of IT products and services annually, bridging the gap between manufacturers like Dell, Cisco, and Microsoft and a vast web of local and regional channel partners. Through Xvantage™, Ingram Micro has repositioned itself from a traditional distributor to a digital-first, AI-augmented platform. It enables resellers and service providers to:
• Access personalized product recommendations
• Manage cloud and hardware subscriptions
• Automate invoicing, billing, and renewals
• Track order logistics globally
All of this relies on uptime, integration, and trust. A ransomware attack isn’t just a speed bump—it’s a direct hit to the foundation.
Ingram’s public acknowledgment of the incident came within a few days of initial system disruptions. While that’s not uncommon in high-stakes cyber events, where containment and coordination take precedence, some partners criticized the delayed transparency, particularly in light of the company’s critical position in their supply chains.
The company’s press release included extensive forward-looking statements, signaling the legal and operational caution necessary during an unfolding incident:
“There can be no assurance that management’s expectations, beliefs, and projections will result or be achieved,” the statement noted.
If there’s one overarching takeaway from the Ingram Micro incident, it’s this: distribution infrastructure is now squarely in the crosshairs of modern ransomware groups.
The reasons are clear:
• Centralized access: Distributors like Ingram serve as aggregation points for tens of thousands of vendors and partners.
• Automation and cloud integration: High-value platforms with seamless backend systems are prime targets for lateral movement and privilege escalation.
• High-pressure recovery timelines: Disruption at this level prompts swift and potentially costly decisions, exactly what ransomware actors bet on.
This isn’t just a one-off event. It’s part of a larger trend of attacks against digital logistics hubs, including MSPs, ERP platforms, and even payment processors. Organizations that once assumed “we’re just middlemen” now find themselves front and center in cyber risk conversations.
To mitigate future threats, cybersecurity leaders, especially those in vendor management and supply chain risk, should revisit questions such as:
• How dependent are we on single-platform providers?
• Do our business continuity plans include upstream supply chain failures?
• Are our third-party vendors contractually obligated to report breaches or outages in real time?
• Have we validated their segmentation, backup and recovery capabilities?
The Ingram incident may prove to be a turning point in how the industry views distribution resiliency. Just as zero-trust has become the go-to model for internal architecture, we may soon see a “zero-assumption” approach to vendor uptime and business continuity.
The ransomware attack on Ingram Micro may not be the largest of 2025, but it might be one of the most revealing. It shows how vulnerable even the most established technology giants can be, and how dependent the broader market is on their continuity.
As cybersecurity evolves, the boundaries between internal IT and external operations continue to blur. Today’s risk is not just about what happens behind your firewall. It’s about what happens when your most trusted partner’s firewall fails.
With the second half of 2025 underway, cybersecurity teams across the Middle East are recalibrating their strategies in light of a rapidly evolving threat landscape. The region’s accelerated digital transformation, spurred by ambitious national visions, smart city developments, and expanded cloud adoption, has placed security firmly at the forefront of organisational resilience. From critical infrastructure protection to AI-driven defence, it’s clear that cyber threats are becoming more sophisticated and regionally targeted.
Here are five key trends shaping how public and private sector organisations in the Middle East are reinforcing their cybersecurity posture for the rest of the year.
In times of crisis, an upsurge in cyber-attacks is usual. Threat actors are often hard at work taking advantage of vulnerable individuals, systems and government resources for financial, political or other gain.
As a result, many companies’ data, potential access information, client information, source code and other critically sensitive data, could end up in the hands of criminals or state-sponsored adversaries wanting to do harm.
Such attacks can have profound implications for critical infrastructure and industrial sectors around the world. For example, instead of targeting end users directly, attackers now compromise the supply chain itself, which is becoming a primary attack vector for large-scale data breaches and cyber incidents. These supply chain attacks have a profound effect on our modern technology landscape that relies on a shared responsibility model.
With sovereign wealth funds across the region pouring billions into technology and AI, from the UAE’s NextGen FDI initiative, to Saudi Arabia’s planned US$40 billion AI fund and the Qatar Investment Authority betting big on technology, it’s no surprise that the Middle East is increasingly in the crosshairs of cyber attackers.
When the lights go out or the gas is cut, most people are unlikely to think it’s the result of an industrial cybersecurity breach. But operational technology (OT) is an emerging battleground for cyberattacks, with the systems that control and automate factories and critical civil infrastructure (including power stations, water-treatment plants and dams) becoming a target.
With threat actors intent on doing damage to our society, we have to be ready to respond to these kinds of incidents and recover from them as effectively as possible while minimising loss.
And with ongoing geopolitical tensions, the OT cyber threat could continue to grow, putting pressure on industries to ensure they stay one step ahead by baking in cybersecurity protection across their operations.
In the GCC, where governments are investing heavily in smart grids, utilities and mega infrastructure projects, the need to secure OT environments is critical. National oil companies, desalination plants, and transport authorities are all ramping up defences as cyber attackers increasingly turn their attention to the convergence of IT and OT.
We’re now more connected than ever to our phones, apps, social channels, text message services and more, which can have devastating consequences for organisations and individuals if proper cyber awareness isn’t applied.
And the uptick in cybersecurity incidents has coincided with the shift to remote working, as criminals seek to take advantage of the increased attack surface available to target. Perimeter security deployed at the office is no longer suited to adequately defend employees in this new environment or with modern interconnected capabilities.
We use our phones and the apps in them for almost anything: from getting live updates and texts from friends on social media to posting job updates on LinkedIn to engaging with gaming apps. This has increased the opportunities for attackers to gain your attention and potentially target you or your family members for online fraud or abuse.
For example, a single click on a seemingly harmless link on WhatsApp can open the door to cyber threats and can compromise your personal information and potentially put your organisation’s data at risk. And the same applies if you overshare sensitive information about your life events or job on social channels.
Controls against unauthorised access as part of a zero-trust strategy (a cybersecurity model requiring users to be authorised at every level of network access) could prevent sensitive resource compromise in the workplace, even if a specific device is breached.
With the Middle East’s youth-heavy population, digital literacy campaigns and cyber hygiene education are becoming essential. Governments in the UAE, Saudi Arabia, Qatar and Bahrain are increasingly focusing on public-private collaboration to raise awareness and improve cyber readiness at every level of society.
As organisations confront the complexities of escalating cyber threats, they need people with the right skills to protect their data and systems.
We hear a lot about how the global cybersecurity skills gap is widening, leaving many organisations vulnerable to increasing cyber threats. And the lack of qualified professionals is largely due to how quickly the cybersecurity industry and cyber threats have evolved. Almost overnight, companies have realised that they need a dedicated cybersecurity professional, or an entire team, on staff.
One way around this is to broaden the candidate pool to bring junior candidates into the fold and grow them with on-the-job training. This can include candidates who might not have the specialised skills required, but come with analytical potential, problem-solving skills and technical promise. And by providing proper training to existing employees, organisations can empower them with career mobility and to become the first line of defense against potential threats.
In addition, AI and machine learning can work as a force multiplier for smaller security teams, which gives organisations a better chance against the newest strains of malware.
This is not meant to replace valuable and scarce expertise, but rather augment it by using AI to support overtaxed security analysts, identity management professionals and incident responders who need to sort through an increasing amount of information to do their jobs. And with the help of AI to automate analyst functions at machine speed, security teams can focus their attention on higher-value tasks.
Cybersecurity is no longer just a technical imperative. It’s a strategic pillar for resilience and growth in the digital age. As Middle East nations push forward with ambitious digital agendas, there is increasing recognition that cyber risks must be addressed with equal urgency. The second half of 2025 presents an opportunity for organisations to reinforce their cyber defences, invest in local skills, and embrace AI securely. By staying informed, proactive and regionally attuned, public and private sector entities can ensure they remain ahead of emerging threats, and continue building trust in the region’s digital future.
Senior Manager - Sales Engineering MEA
How do identity-based breaches differ from traditional malware attacks?
An identity-based attack occurs when an adversary gains access to systems as a trusted user, often through stolen, or purchased, credentials or social engineering. Instead of exploiting a vulnerability or deploying malware, the attacker logs in as a trusted user. Once inside, they escalate privileges and move laterally across systems. These identity-based intrusions have rapidly evolved, often leveraging GenAI for increasingly convincing social engineering campaigns to gain credentials and access. Legacy identity controls struggle to keep up with the step change in tactics adversaries are using, and many lack the ability to analyze behavior and detect suspicious activity post-access. At the same time, the explosion of agentic AI is driving a surge of machine identities. These autonomous agents have non-human identities with persistent privileges and can be hijacked when a human identity is compromised, enabling adversaries to exfiltrate data, manipulate systems, or move laterally across critical business applications.
Why are today’s attacks bypassing legacy security tools?
Legacy security solutions focus on endpoints and network security but fail to address the dynamic nature of identity threats. These tools often lack the ability to correlate identity-based anomalies across the enterprise: user behavior, device log-ins, compromised credentials. To stay ahead of persistent identity threats, organizations need a modern platform approach that unifies AI-driven detection, visibility across multiple security domains - identity, endpoint, cloud - and continuous monitoring across the entire kill chain.
How should CISOs shift the boardroom security conversation?
CISOs should focus on framing cybersecurity as a business enabler, not just a technical function. Rather than detailing how specific threats like identity-based attacks work, the conversation should center on the tangible consequences of a successful breach, such as operational disruption, customer data loss, financial penalties, and reputational damage. It is also critical to illustrate these risks through real-world examples or internal simulations. Demonstrating how quickly an attacker can move through an environment using compromised credentials, and how difficult that can be to detect, helps underscore the urgency.
Above all, security should be positioned as foundational to business continuity and growth. Strong cybersecurity is not just about mitigating risk. It is about safeguarding the systems, data, and trust that the organization relies on to operate effectively and compete in the market.
Why is siloed security no longer effective?
Siloed security is no longer effective in today’s threat landscape, where adversaries routinely move across endpoints, identities, and cloud environments. When security tools operate in isolation, organizations suffer from fragmented visibility, inconsistent alerts, and delayed response times. An endpoint solution that lacks insight into cloud activity, or an identity system that cannot detect lateral movement, creates blind spots attackers can exploit.
The modern approach requires consolidation, not more disconnected tools. A unified platform that integrates identity, cloud, endpoint, and AI enables security teams to detect and respond to threats with full context and greater speed across the entire attack surface.
How does CrowdStrike use AI to detect threats in real time?
Artificial intelligence is built into the foundation of the CrowdStrike Falcon® platform, enabling real-time threat detection, investigation, and response. Unlike tools where AI is added later, the Falcon platform uses native AI to analyze data across endpoints, cloud workloads, and identities with speed and precision.
CrowdStrike Charlotte AI™, CrowdStrike’s generative and agentic cybersecurity analyst, enhances this capability by transforming natural language into precise security actions, guiding investigations, and handling routine tasks autonomously. With agentic capabilities, Charlotte AI can make informed decisions, initiate response workflows, and continuously adapt based on real-time context. This reduces manual effort, accelerates triage, and helps analysts stay focused on high-priority threats.
What cybersecurity gaps are unique to the MENA region?
Across the MENA region, digital transformation is gaining momentum, but the pace of cloud adoption varies significantly by sector and geography. In industries where cloud migration is still emerging, organizations often rely on legacy infrastructure that lacks the visibility and flexibility needed to address modern threats. As businesses continue to adopt cloud and hybrid environments, they will need to strengthen their ability to monitor identity activity, manage privileged access, and respond to threats in real time.
At the same time, many organizations operate with fragmented security tools and limited access to specialized cybersecurity expertise, which can delay threat detection and complicate coordinated response efforts. In sectors such as healthcare and manufacturing, investment in cybersecurity may not yet match the level of digital adoption, leaving critical systems exposed.
What’s the one thing CEOs or CISOs must understand about today’s threats?
Today’s threats are no longer defined by malware alone. Modern adversaries are well-resourced, highly adaptive, and increasingly difficult to detect. They exploit legitimate credentials, impersonate users, and quietly move through systems without triggering traditional defenses. At the same time, they are leveraging AI to automate, accelerate, and scale their operations with unprecedented speed.
The most important shift is that threat actors now operate faster than most organizations can respond. This means that cybersecurity strategies must evolve from reactive to real time. Defending against today’s threats requires identity-first protection, AI-driven decision-making, and the ability to act immediately across cloud, endpoint, and identity environments.
General Manager
If the events of recent months have taught us anything, it’s how quickly the ground beneath our feet can shift. For businesses across the Middle East, the sudden escalations we’ve seen, from airspace closures disrupting airlines to GPS jamming affecting over 900 marine vessels, are a stark reminder of how fragile continuity can be. In moments like these, the ability to recover and resume operations quickly becomes not just a technical consideration, but a matter of business survival.
Yet too often, organisations focus only on backing up their data without truly planning for how fast they can bring it back online when the unexpected strikes. In a region where political, economic and environmental turbulence can unfold overnight, that oversight can prove costly.
Every organisation today runs on data, whether customer records or operational systems. Without rapid access to it, even the most resilient business grinds to a halt. Industry surveys have found the median cost of downtime sits at around US$125,000 per hour. Just three hours of disruption can wipe out US$375,000, and a single disrupted eight-hour workday edges close to US$1 million.
These figures aren’t confined to any one sector. Airlines navigating complex airspace closures, banks processing millions of transactions daily, and hospitals delivering time-critical care, all depend on their systems being up and staying up. The IT system failure at Heathrow earlier this year, which left thousands of passengers stranded and cost airlines millions, is a sobering example. The impact of such outages ripples outward: eroded customer trust, regulatory penalties, reputational damage.
In short, the question isn’t if an incident will happen, but how fast you can recover when it does.
It’s tempting to treat backup like an insurance policy, a box to tick and forget about. As long as your data is stored somewhere, you’re covered, right? But what many businesses discover too late is that traditional backup systems, while effective at preserving data, often fall short when it comes to restoring it quickly.
When a cyberattack or hardware failure hits, backed-up data that remains inaccessible for hours, days or weeks is no better than lost. Unfortunately, that’s the reality for many organisations today. A 2024 IDC survey found businesses experienced an average of more than four data-related disruptions per year, and a quarter suffered over ten. Alarmingly, nearly 30% cited staff shortages as a major barrier to effective recovery.
These challenges are particularly acute in the Middle East, where IT teams are often stretched thin and tasked with ambitious transformation agendas. When outages occur, relying solely on overburdened IT staff to manually restore systems, often by visiting each machine or location in person, creates a dangerous bottleneck.
This is where the conversation must shift from simply having backups to enabling rapid recovery, ideally in a way that doesn’t require specialist intervention.
Think of a bank branch in Riyadh unable to serve customers because of a system failure. Or a regional airline grounded by a ransomware attack while trying to reroute flights around closed airspace. In both cases, waiting hours or even days for IT specialists to arrive on-site is unthinkable.
A smarter approach is to equip frontline employees, even those without technical expertise, with tools and processes that allow them to restore systems at the push of a button. Often referred to as one-click recovery, this concept simplifies and automates recovery workflows so that non-IT staff can get core systems up and running quickly, while IT teams focus on more complex priorities.
For businesses in the Middle East, where skilled IT talent is scarce and often concentrated at headquarters, such empowerment is not just a convenience but a necessity. It can mean the difference between a brief disruption and a catastrophic loss of revenue, customer confidence and market share.
As business leaders seek to strengthen their resilience, it’s worth noting what sets an effective rapid recovery solution apart.
First and foremost, simplicity. The ability to restore entire systems or devices with minimal steps, ideally through a single interface, is invaluable. Next, flexibility. The solution should work seamlessly across diverse environments, including remote sites, air-gapped networks, or dissimilar hardware. It should support cloud, hybrid and on-premises systems. Finally, empowerment. Recovery processes should be intuitive enough for frontline staff to execute confidently without waiting for overstretched IT resources. When these conditions are met, the speed of recovery accelerates significantly.
By embedding these capabilities into their resilience strategies, organisations can better weather whatever comes next, be it a cyberattack, a geopolitical event or a routine hardware failure.
The risks businesses face today are not hypothetical. Data loss, ransomware, human error and natural disasters are everyday realities, and their frequency and impact are only increasing. The Middle East is no exception; if anything, our region’s fast-growing digital economies and unique operating challenges make the need for resilience even more urgent.
By investing in rapid, easy-to-use recovery solutions and empowering all staff to play their part, businesses can not only survive these critical moments, but emerge stronger and more trusted. Because in the end, it’s not just the quality or security of your backups that counts, it’s how fast you can bring your business back to life when minutes matter.
Resilience isn't about having backups, it's about how fast you can bring them back to life, empowering every team member to act when seconds count.
Sumedh Thakar President & CEO Qualys
Qualys has announced new Agentic AI capabilities on the Qualys platform.
The new AI fabric powers a marketplace of Cyber Risk AI Agents. These agents deliver real-time insights across all attack surfaces, prioritized by business impact. They also help reduce risk and operational costs through autonomous remediation at speed and scale. This enables a more efficient and intelligent Risk Operations Center (ROC).
As cyber threats grow in volume and complexity, security teams face millions of exposures with little context. Manual processes lead to delays and unaddressed vulnerabilities. To solve this, Qualys introduced Agentic AI to eliminate repetitive tasks and enable risk-focused workflows.
According to Tyler Shields, principal analyst at Enterprise Strategy Group (ESG), “Integrating Agentic AI into the Qualys platform marks a major leap from reactive response to real-time risk reduction.” He added that this innovation supports faster remediation and greater accuracy. By embedding Agentic AI into Enterprise TruRisk Management (ETM), Qualys enhances risk-centric automation. ETM already aggregates exposures to align cyber risk with business value.
IBM has released its 2025 Cost of a Data Breach Report, revealing a notable decrease in average breach costs for businesses in the Middle East. According to the report, the average cost fell to SAR 27.00 million, down 18% from SAR 32.80 million the year before.
The report highlighted that AI/ML-driven insights, encryption, and a DevSecOps approach were the top three factors that helped reduce costs for organizations in the region.
Despite the drop, lost business remained the largest cost category, averaging SAR 11.63 million. Post-breach response costs followed at SAR 7.50 million, with detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million.
IBM reported that the financial sector experienced the highest breach costs at SAR 34.00 million. The energy and industrial sectors followed closely with SAR 32.00 million.
Saad Toma, General Manager of IBM Middle East and Africa, noted the region’s proactive use of AI. He stated that AI-driven tools are enhancing detection and response, but emphasized the need for continued investment in security talent and governance.
AmiViz, the Middle East’s cybersecurity-focused value-added distributor, and global cybersecurity firm Kaspersky have announced the expansion of their strategic partnership into the GCC region.
This move builds on the companies’ longstanding collaboration in Egypt, where they have jointly empowered partners with advanced cybersecurity solutions. The expansion marks a new phase of regional growth and is aimed at addressing an increasingly complex threat landscape across the Gulf.
The partnership in Egypt has been a model of success. It combined Kaspersky’s globally recognized threat intelligence and security technologies with AmiViz’s strong distribution network and partner enablement capabilities.
According to Ilyas Mohammed, COO at AmiViz, the collaboration has fostered innovation and trust in Egypt. He noted that AmiViz’s digital-first strategy and robust partner ecosystem will help scale this success across the GCC region.
Samer Malak, Head of Channel for Middle East, Turkiye and Africa at Kaspersky, reported that growing demand for cybersecurity in the Middle East has made this expansion timely.
CyberKnight, a cybersecurity distributor in the Middle East, Levant, and Africa, has announced a new strategic partnership with Nozomi Networks. The agreement grants CyberKnight distribution rights for Nozomi’s cybersecurity solutions across Africa, excluding South Africa. The focus will be on Central, East, and West Africa.
This partnership aims to support large enterprises and critical infrastructure sectors with advanced cybersecurity protection and expertise.
Nozomi Networks is a recognized leader in operational technology (OT), Internet of Things (IoT), and Cyber-Physical Systems (CPS) security.
The company was named a leader in the Gartner® Magic Quadrant™ for Cyber-Physical Systems Protection Platforms. Out of 17 evaluated vendors, Nozomi ranked high in both vision and execution.
According to Gartner Peer Insights, Nozomi Networks received a 4.9 out of 5-star rating, based on more than 120 customer reviews. Customers praised the company’s robust features, easy deployment, and strong support.
Marc Maiffret, Chief Technology Officer, BeyondTrust
BeyondTrust has announced the official launch of its dedicated cybersecurity research team, BeyondTrust Phantom Labs™.
This move marks a significant milestone in BeyondTrust’s mission to enhance identity security and advance threat analysis. Phantom Labs aims to uncover emerging cyber threats, support industry collaboration, and shape global security standards.
The team builds on years of experience in real-world threat analysis, vulnerability disclosures, and identity-focused innovation.
According to BeyondTrust, Phantom Labs will adopt an attacker mindset to reveal how threat actors escalate access and maintain control. The company also revealed that new research leadership and strategic hires will accelerate this effort.
The research team is expected to help defenders proactively detect and disrupt identity exploitation across hybrid and cloud environments.
Emirates has announced it is addressing a rise in cyber scams involving fraudulent advertisements on social media platforms. The airline reported that these deceptive ads impersonate the official Emirates website. They use lookalike links, branded visuals, and unauthorized trademarks to mislead users. These cyber scams direct users to purchase fake tickets, share personal information, or click on malicious links. Emirates revealed it has temporarily suspended all advertising on social media channels to prevent further risks to customers.
The airline is actively collaborating with social media platform providers. This cooperation aims to quickly identify and remove fraudulent ads, often within minutes of their appearance.
Emirates emphasized that customer safety remains a priority. The airline encourages users to remain alert and carefully verify any suspicious content before engaging with it.
This announcement highlights the growing challenge of cyber scams targeting social media users. Emirates continues to monitor the situation closely and urges caution when interacting with online advertisements.
Bashar Bashaireh, AVP, Cloudflare
Cloudflare has announced its Q2 2025 Global Internet Trends and Insights report, revealing important shifts in web traffic and cybersecurity patterns worldwide. The company reported blocking an average of 190 billion cyber threats daily, marking a 21% increase year-over-year (YoY). Despite this, threat volume dropped 23% quarter-over-quarter (QoQ) following a surge earlier in the year. Additionally, Cloudflare handled 5.8 trillion daily internet requests globally, showing a 9% increase QoQ and a 40% rise YoY.
Regionally, North America blocked 41.5 billion daily threats, up 18% YoY but down 12% QoQ. Europe, Middle East & Africa (EMEA) saw 62.7 billion threats blocked daily, up 22% YoY and down 16% QoQ. Asia-Pacific (APAC) recorded 57.4 billion daily blocks, up 24% YoY and down 29% QoQ. Latin America (LATAM) blocked 19 billion threats daily, with a 15% YoY rise but a 36% drop QoQ.
In the Kingdom of Saudi Arabia (KSA), internet traffic remained steady from Q1 to Q2 2025. However, mitigated cyber threats decreased by 6% QoQ. The region faced 294 million cyber threats blocked daily, showing a significant 76% decrease QoQ, following a major attack spike in Q1. Key targeted sectors included Internet, Consumer Goods, IT Services, and Airlines.
NETSCOUT SYSTEMS has announced new AI-driven enhancements to its NETSCOUT Arbor Edge Defense and Arbor Enterprise Manager platforms.
These updates aim to help customers automate operations, improve reporting, and strengthen defenses against evolving Distributed Denial of Service (DDoS) threats. The enhancements leverage artificial intelligence to accelerate detection and response, offering stronger protection for critical applications and services.
The solutions are powered by the ATLAS Intelligence Feed. This feed monitors over 700 Tbps of global internet traffic across more than 500 ISPs and 2,000 enterprise sites in over 100 countries. It provides real-time threat intelligence, enabling NETSCOUT products to mitigate up to 80% of DDoS attacks without the need for additional analysis.
According to IDC, 41% of organizations report online attacks, including DDoS incidents, cost them over $100,000. About 5% have reported losses exceeding $1 million. The increasing use of AI/ML in launching attacks underscores the need for automated, intelligent defense systems.
The META cybersecurity landscape is facing a critical inflection point. Organisations are under increasing pressure to safeguard growing digital assets, but the shortage of skilled cybersecurity professionals is creating a widening protection gap.
Now, new data from the CONTEXT META Monthly webinar reveals a 71% year-over-year increase in managed security services (MSS) adoption during the first half of 2025. It's a clear signal: businesses are shifting strategies, leaning into outsourced security expertise to meet today’s escalating cyber risk with resilience and speed.
The cybersecurity market in the META region is undergoing a substantial change, driven by an acute shortage of skilled professionals and the increasing sophistication of cyber threats. Drawing on the latest data from the CONTEXT META Monthly webinar, the first half of 2025 has seen a remarkable 71% YoY increase in the adoption of managed security services, a clear indication that organisations are increasingly turning to external providers to bridge their cybersecurity talent gaps and enhance their defensive capabilities. This growth not only highlights a critical regional challenge but also redefines how security is being delivered across these markets.
The imperative for robust cybersecurity measures in the Middle East and Africa is underscored by alarming statistics. The cost of a data breach in the Middle East reached an average of $8.75 million in early 2025, nearly double the global average of $4.88 million. This substantial financial impact accentuates the heightened targeting of the META region and the pressing need for investment in cybersecurity infrastructure and expertise.
Despite the evident need, organisations across META, much like their counterparts in Europe and America, are grappling with a pervasive cybersecurity skills gap. Building and maintaining an effective in-house Security Operations Centre (SOC) demands a commitment of resources, including the recruitment and retention of highly qualified cybersecurity professionals. This challenge is compounded by the unrelenting nature of cyberattacks, which operate 24 hours a day, 365 days a year, necessitating constant vigilance and immediate response capabilities. For many businesses, particularly those operating with limited resources or facing rapid expansion, assembling such a dedicated internal team is an increasingly unfeasible undertaking.
The rise of managed security service providers
This is precisely where Managed Security Service Providers (MSSPs) are proving to be indispensable. The 71% growth in managed services in H1 2025 reflects a strategic shift by META organisations to outsource their cybersecurity requirements. MSSPs offer a compelling solution by providing access to a team of dedicated cybersecurity experts who can manage and monitor security operations around the clock. This approach is often faster, more cost-effective, and ultimately more secure than attempting to build an in-house team from scratch. The ability of MSSPs to offer continuous monitoring and rapid incident response without the burden of internal staffing and infrastructure concerns is a key driver of this rapid adoption.
While the growth in managed services signals a proactive response to the skills crisis, other segments of the cybersecurity market reveal a more nuanced picture. Network security has seen a 19% increase in 2025, with security appliances also experiencing double-digit growth. This investment in next-generation firewalls, intrusion detection systems, and secure web gateways reflects the region's focus on securing network perimeters as digital transformation initiatives accelerate, particularly with the construction of new offices in the Middle East.
Traditional infrastructure protection solutions, typically representing on-premise data centre security, have seen a 12% decline. This decrease aligns with the growing trend towards cloud adoption and hybrid models, as organisations migrate their infrastructure to public cloud platforms and leverage native security tools such as Azure Security Center and AWS GuardDuty. This dual movement, robust investment in managed services and network security alongside a decline in traditional on-premise infrastructure protection, illustrates a market in transition, adapting to new operational models and threat landscapes.
The substantial uptake of managed security services in the META region is a clear indicator of a mature approach to addressing contemporary cybersecurity challenges. It demonstrates that organisations are prioritising effective security outcomes over in-house resource constraints, embracing a model that leverages external expertise for sustained protection. As cyber threats continue to increase in complexity and frequency, the role of MSSPs will undoubtedly become even more central to the cybersecurity strategies of businesses across the Middle East and Africa.