What do you see as the most critical emerging cybersecurity threats in 2025, and how should organizations prepare for them?
Emerging technologies like AI and ML are disruptors leading to the rise of cyberattacks. AI-powered attacks are increasingly affecting businesses via phishing scams, ransomware attacks, malware attacks, and endpoint vulnerability exploitation. Organisations need to move beyond traditional defences to mitigate this risk. By investing in proactive measures, like penetration testing to uncover vulnerabilities, and using purple team exercises to simulate real-world attacks, organisations can improve their threat detection and response.

With threats targeting both on-premises systems and cloud environments, it’s crucial to secure all digital fronts. Companies must also run tailored incident response drills to stay ready for fast-moving threats. Ultimately, building a strong, adaptive cybersecurity strategy that accounts for AI-driven attacks is essential to protect digital assets and stay resilient in the face of evolving cyber risks.

How is the rise of AI and quantum computing reshaping the cybersecurity landscape, and what risks do they introduce?
As much as it is being hailed for making our lives easy, AI has also become a powerful ally for digital miscreants. In particular, threat actors are using generative AI (GenAI) to create highly convincing phishing emails, fake websites, and deepfakes for deceiving users and stealing their information. Threat actors are also using GenAI to develop sophisticated malware that bypasses traditional security defences.

Similarly, quantum computing is a double-edged sword. These powerful machines are capable of rendering traditional encryption methods obsolete, especially public key cryptography, as what once took a traditional computer years to decode RSA-2048 (a widely used encryption algorithm) takes a quantum computer a matter of seconds or minutes to decode.

How do you predict ransomware tactics will evolve in the near future, and what proactive measures should businesses take?
Threat actors are using AI to develop sophisticated, highly accurate ransomware that not only widens the reach of the attack but increases the impact on its victims. And this issue will only get worse as threat actors evolve their use of AI to carry out these attacks, drastically altering the threat landscape.

Businesses can adopt several key strategies to defend against ransomware attacks effectively. These include improving employee awareness and periodic training, restricting user access by implementing a Zero Trust approach and multi-factor authentication, taking regular data backups, keeping systems updated, and configuring the firewall to filter out suspicious activities and network segmentation to limit the spread of malware.

How does regulatory compliance (like UAE’s Data Protection Law or Saudi’s NCA requirements) impact cybersecurity strategies for regional businesses?
Governments across the region, led by the UAE and Saudi Arabia, have taken it upon themselves to enforce a safe and resilient cyberspace. This is in line with the region’s ongoing efforts to promote digital innovation, thereby delivering better services for people and driving faster economic growth. Compliance mandates, like Saudi Arabia’s and the UAE’s PDPL, play a major role in setting various polices, standards, and guidelines to safeguard the IT infrastructure in the respective countries. By incorporating these controls in their cybersecurity strategies, regional businesses can improve their security posture and protect their sensitive data. Failure to do so not only makes them vulnerable to cyberattacks, but invites substantial fines, legal action, and loss of operating license.

Can you explain ManageEngine’s “unified security” approach and how it simplifies cybersecurity for enterprises?
With over 20 years of experience in observing the changing IT landscape and building highly scalable and integrable solutions, ManageEngine recognises there is no single path to cyber resilience for enterprises. To stay ahead of both established and emerging threats, there is a need to take a holistic approach wherein identities, endpoints, and network infrastructure are all properly secured and governed. ManageEngine’s AI-powered cybersecurity solutions, all of which have been built from ground-up, effectively ensure this. They also help enterprises comply with the most important cybersecurity frameworks and data privacy regulations like the GDPR and the PDPL.

How does ManageEngine leverage AI to enhance phishing simulations and employee training?
For over a decade, we have been researching emerging technologies, resulting in the development of our own in-house AI based on contextual intelligence. We understand AI’s importance in detecting and mitigating cyberattacks. Our AI capabilities can be leveraged for a variety of security use cases, such as ransomware protection, anomaly detection, data exfiltration, and preventing insider access abuse.

Most phishing attacks are carried out via email, which lures an individual to download malware that enables the attacker to breach the user’s system and network. By relying on AI, our solutions can flag potential phishing attempts by continuously analysing emails and websites. This will enable security administrators to prioritise such threats and mitigate their impact.

Could you tell us about Positive Technologies’ presence at this year’s GISEC event and the solutions you’re showcasing?
This year at GISEC, we’re presenting our latest cybersecurity solutions with a strong focus on hands-on, practical expertise. At our stand, we’re demonstrating sophisticated attack techniques like direct memory access attacks and full injection attacks – these show just how easily devices like laptops can be compromised. We’ve also significantly expanded our Hackosphere area compared to last year, featuring interactive engagements including soldering, device hacking, fixed attacks, and stenography challenges. We’ve doubled the size of this interactive space and hope to see twice the engagement as well.

How does participating in this event help you engage with regional companies?
We’re seeing tremendous participation from across industries – government representatives, oil and gas companies, financial institutions, and many partners. GISEC has established itself as one of the most efficient and prominent cybersecurity events not just in the UAE, but across the entire Middle East region.

Could you share your observations about the current threat landscape in the region and how you’re helping companies address these challenges?
Through our Threat Research Center – the largest in Eastern Europe – we continuously monitor critical infrastructure and analyse activity across the deep and dark web globally. In the Middle East specifically, we’re observing significant activity from APT groups, including state-sponsored hackers and hacktivists targeting critical national infrastructure. Their methods typically involve compromising internal organisational systems or creating backdoors, which they often then sell access to on dark web markets.

What challenges are companies facing regarding AI-powered attacks?
AI is undoubtedly the hot topic in cybersecurity right now. While AI capabilities are becoming increasingly sophisticated and powerful, I firmly believe human expertise remains irreplaceable. That said, we’re seeing substantial AI integration from both sides – threat actors are leveraging it for attacks while cybersecurity professionals are using it for defense. This dual adoption is creating significant impacts, and we anticipate this trend will continue growing over the next 5-10 years.

Are you collaborating with any local entities or governments to address these AI-related security challenges?
Absolutely. We’re actively working with local partners, government agencies, and regional companies to help them understand the AI threat landscape and demonstrate how AI and machine learning can be effectively used to protect their infrastructure.

What key advice would you give regional organisations looking to improve their security posture?
My fundamental recommendation is to invest in human capital. Knowledge and expertise are assets you can’t simply purchase – they need to be developed. An organisation might have the best security tools and infrastructure, but without capable personnel, these resources become ineffective. This is why we emphasise sharing our expertise – not just in defense strategies, but in incident response, investigations, and most importantly, in building local capabilities to elevate overall cybersecurity maturity levels.

Could you give us a brief overview of Group-IB’s presence at GISEC and your solutions?
This is our fourth year we are participating in GISEC, and our involvement has grown significantly—both in terms of visibility and the solutions we offer. Group-IB is one of the few full-platform players in cybersecurity, specialising in active threat intelligence, digital risk protection, fraud prevention, and monitoring. Fraud, in particular, is a rapidly evolving threat—growing in complexity and impact.

Speaking of evolving threats, what key changes are you seeing in the cyber threat landscape, especially in this region?
We’ve observed several concerning trends. First, APT (Advanced Persistent Threat) attacks have become far more sophisticated, driven by global geopolitics. Data exfiltration and theft are rampant. Second, fraud attempts are now borderless, with threat actors sharing intelligence across borders. And third, AI is a double-edged sword—while we use it for threat detection, attackers are leveraging AI for phishing, social engineering, and automating malicious campaigns.

Your Cyber Crime Center has been a major focus. Can you elaborate on its role?
Absolutely. We take a localised, intelligence-driven approach, meaning we develop threat insights at both country and industry levels. This allows us to brief governments, law enforcement, banks, and critical infrastructure providers on targeted risks.

Additionally, our Cyber Crime Center integrates multiple data streams—threat intelligence, fraud analytics, phishing scams, and money laundering patterns—into a unified system. This gives clients a real-time, 360-degree view of their threat landscape, helping them build stronger cybersecurity strategies.

What’s your key message for companies and attendees at GISEC?
There are three main takeaways. Attendees should stay updated on emerging trends, as new vendors and tools are constantly entering the market. They should prioritise tailored intelligence over generic open-source data. And they should maximise ROI on existing security investments before adopting new solutions.

How does Group-IB support its channel partners?
We’re a partner-first organisation, and we’ve launched several initiatives, including a certification program that enables partners to build expertise around our technology. We also conduct partner engagement surveys to gather feedback and improve collaboration, and we emphasise deep interoperability with other security solutions.

Beyond that, we address three key areas: CISO-level security, CFO-focused fraud prevention, and brand protection—each with dedicated solutions tailored to different organisational needs.

The briefing, themed “Establishing a Unified Cybersecurity Foundation to Safeguard the Expanding Digital and Intelligent Landscape,” featured presentations by Dr. Zhu Shenggao, Vice President of AI at Huawei Cloud Middle East & Central Asia; Richard Wu, President of Security Product Domain in the Data Communication Product Line, Huawei; and Yongjian Li, President of Data Protection, Huawei. Moderated by Colm Murphy from the Huawei European Cybersecurity Center, the session was attended by media representatives from the GCC, reflecting the region’s increasing emphasis on collaborative cybersecurity strategies.

Strategic Investment in Research and Development
Huawei’s commitment to cybersecurity is underscored by its sustained investment in research and development. Mr. Murphy highlighted the company’s dedication to innovation, noting that in 2024, Huawei allocated USD 24.6 billion to R&D, representing 20.8% of its annual revenue. “The company’s cumulative R&D investment over the past decade amounts to USD 171.1 billion, demonstrating its commitment to continuous advancement in cybersecurity,” Mr. Murphy stated. “Huawei currently employs more than 3,000 cybersecurity R&D personnel, with 5% of its R&D expenditure focused on enhancing the security of its products.”

This investment supports Huawei’s strategic approach to cybersecurity, predicated on the principle that security should be integral to system design and based on rigorous verification against established standards. This commitment is manifested in a comprehensive governance framework and a dedication to providing secure technologies through collaborative partnerships, contributing to industry standards, and upholding privacy and data sovereignty.

Addressing the Evolving Threat Landscape with AI-Native Security
A central focus of the briefing was the increasing prevalence of AI-driven cyberattacks. Mr. Wu emphasized the escalating frequency, sophistication, and covert nature of these threats, noting the utilization of AI technologies by malicious actors to execute advanced attacks and rapidly generate malware variants.

Dr. Zhu addressed this challenge by presenting Huawei Cloud’s AI-Native Security paradigm. “Cybersecurity and privacy protection constitute the cornerstones of development in the digital and intelligent world,” Dr. Zhu stated. “Our unified approach integrates protection across cloud, network, edge, and endpoint environments to provide the comprehensive security foundation necessary for organizations to innovate with confidence.”

Huawei Cloud’s AI Pangu security models integrate comprehensive threat intelligence with specialized capabilities, automating 99% of threat responses and significantly reducing incident detection times. This proactive approach is essential in an environment where conventional security measures are often inadequate in addressing rapidly evolving threats.

Mitigating the Threat of Ransomware: A Multi-Layered Defense Strategy
The briefing also addressed the escalating threat of ransomware, which Mr. Wu reported resulted in USD 42 billion in global losses in 2024. Huawei’s multi-layered protection solution provides active defense with a 99.99% ransomware detection rate, while its HiSec Endpoint product employs AI-driven monitoring to initiate file backup upon detection of suspicious encryption activity.

“In the context of an increasingly complex threat landscape characterized by more frequent, automated, and covert cyber-attacks, cybersecurity must transition from reactive to proactive threat containment,” Mr. Wu stated. “Our unified cybersecurity foundation reflects Huawei’s commitment to assisting organizations in safeguarding their critical digital assets while enabling continued innovation.”

Revolutionizing Data Protection and Recovery Capabilities
Mr. Li introduced Huawei’s innovative approach to data protection and storage security with the unveiling of the OceanProtect E8000. This advanced system features a 3-in-1 converged architecture that integrates backup software servers, short-term retention storage, and long-term retention storage into a unified system.

“Organizations today require comprehensive protection and rapid recovery capabilities,” said Mr. Li. “With OceanProtect E8000, we are providing both within a single integrated system that significantly reduces complexity while enhancing security.” The OceanProtect E8000 delivers a 5x improvement in recovery performance, enabling the restoration of 1TB of data in 20 seconds, and offers a high-density 2PB/2U capacity that reduces rack space requirements by up to 90% compared to conventional solutions.

Fostering Collaboration and Ensuring Compliance
During the Q&A session, the speakers highlighted Huawei’s strategic partnership with Jeraisy Group in Saudi Arabia and discussed Huawei’s Cloud Service Cybersecurity & Compliance Standard (3CS), a framework based on more than 16 global security standards that ensures robust compliance and governance across all deployments.

At GISEC, ESET will spotlight its latest innovations across threat intelligence, endpoint protection, extended detection and response (XDR), and cloud-native security. At GISEC 2025, ESET’s experts will demonstrate how its AI-driven, multi-layered security architecture empowers organizations to defend against advanced threats in real time, while also building long-term cyber resilience.

ESET’s participation highlights its dedication to supporting digital transformation across the GCC and broader Middle East region. As governments and enterprises continue to adopt cloud, mobile, and hybrid IT infrastructures, ESET’s solutions are enabling secure growth by providing deep visibility, adaptive threat protection, and operational flexibility. The company is also committed to enabling its regional partners through training, local support, and access to advanced tools designed for modern cybersecurity challenges.

Commenting on their involvement, ESET executives emphasized the strategic importance of GISEC in building stronger cybersecurity alliances. “As cyber threats become more sophisticated, collaboration and knowledge-sharing are key,” they said. “GISEC is a valuable platform for us to connect with regional leaders, share our award-winning technologies, and shape a more secure digital ecosystem.”

In a time where digital threats are evolving rapidly, Cloudflare continues to invest in cutting-edge technology that enables businesses to build, scale, and secure digital operations. GISEC 2025 attendees will get a first-hand look at Cloudflare’s Zero Trust platform, AI-native security innovations, Developer Platform, and DDoS mitigation capabilities, all engineered to meet the security demands of modern enterprises.

“As cyber threats become more sophisticated and the region experiences a surge in digital adoption, Cloudflare is committed to enabling secure, resilient, and fast digital experiences,” said Bashar Bashaireh, AVP, Middle East, Türkiye & North Africa at Cloudflare. “Our presence at GISEC reflects our commitment to helping organizations across the Middle East stay ahead of evolving threats, build more secure architectures, and embrace digital transformation with confidence.”

At Security Week 2025, Cloudflare introduced significant advancements to its Zero Trust suite, including Browser Isolation improvements, phishing-resistant authentication, and AI-powered threat detection – making Zero Trust easier to deploy and more powerful for global teams. According to Cloudflare’s Q1 2025 DDoS Threat Report, the company mitigated over 20.5 million DDoS attacks, up 358% YoY. Cloudflare blocked 4.8 billion packets per second (Bpps) attacks, 52% higher than the previous benchmark, and separately defended against a massive 6.5 terabits-per-second (Tbps) flood, matching the highest bandwidth attacks ever reported. Cloudflare will showcase its automated mitigation system, capable of stopping attacks in under 3 seconds, and how its 1.5 Tbps+ edge network ensures constant protection.

At Developer Week in April, Cloudflare unveiled Workers AI Templates, enhanced observability tooling, and WebSocket support, giving developers faster paths to building secure, scalable applications. The Workers AI platform, now running on GPUs in 180+ cities, empowers organizations to deploy low-latency, inference-ready AI apps globally.

Cloudflare’s recent Middle East & Turkey Security Report highlights that 73% of businesses in the region expect an increase in cyberattacks in 2025, yet 60% feel underprepared. Cloudflare’s regional presence and capabilities help bridge this gap with cloud-native solutions built for modern threats. Cloudflare is collaborating with Diligent and Qualys to power a next-generation cyber risk reporting solution—transforming how boards and executive teams gain visibility into cybersecurity posture.

As organizations across the Middle East accelerate cloud adoption and digital transformation, Cloudflare remains a trusted partner in securing networks, web applications, and APIs. The company’s global edge network ensures performance and compliance, while innovations in SASE and AI inference help customers stay resilient and competitive.