Positive Technologies – Security Review Magazine
https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.

Positive Technologies Reports 80% of Middle East Cyberattacks Compromise Confidential Data
https://securityreviewmag.com/?p=28260
Fri, 16 May 2025 12:44:35 +0000

A new study by cybersecurity firm Positive Technologies has shed light on the evolving cyber threat landscape in the Middle East, revealing that a staggering 80% of successful cyberattacks in the region lead to the breach of confidential information. The research, examining the impact of digital transformation, organized cybercrime, and the underground market, highlights the increasing exposure of Middle Eastern nations to sophisticated cyber threats.

The study found that one in three successful cyberattacks was attributed to Advanced Persistent Threat (APT) groups, which predominantly target government institutions and critical infrastructure. While the rapid adoption of new IT solutions is driving efficiency, it simultaneously expands the attack surface for malicious actors.

Cybercriminals in the region heavily utilize social engineering tactics (61% of cases) and malware (51%), often employing a combination of both. Remote Access Trojans (RATs) emerged as a primary weapon in 27% of malware-based attacks, indicating a common objective of gaining long-term access to compromised systems.

The analysis revealed that credentials and trade secrets (29% each) were the most sought-after data, followed by personal information (20%). This stolen data is frequently leveraged for blackmail or sold on the dark web. Beyond data theft, 38% of attacks resulted in the disruption of core business operations, posing significant risks to critical sectors like healthcare, transportation, and government services.

APT groups are identified as the most formidable threat actors due to their substantial resources and advanced technical capabilities. In 2024, they accounted for 32% of recorded attacks, with a clear focus on government and critical infrastructure. Their activities often extend beyond traditional cybercrime, encompassing cyberespionage and even cyberwarfare aimed at undermining trust and demonstrating digital dominance.

Dark web analysis further revealed that government organizations were the most frequently mentioned targets (34%), followed by the industrial sector (20%). Hacktivist activity was also prominent, with ideologically motivated actors often sharing stolen databases freely, exacerbating the cybercrime landscape.

The United Arab Emirates, Saudi Arabia, Israel, and Qatar, all leaders in digital transformation, were the most frequently cited countries on the dark web in connection with stolen data. Experts suggest that the prevalence of advertisements for selling data from these nations underscores the challenges of securing rapidly expanding digital environments, which cybercriminals are quick to exploit.

Positive Technologies analyst Alexey Lukash said, “In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty.”

To help organizations build stronger defenses against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management, as well as identify, prioritize, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Such solutions are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.

Positive Technologies emphasizes the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organizations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.

Positive Technologies @ GISEC Global 2025: Demonstrating Cutting-Edge Cyber Threats and AI Defense Strategies
https://securityreviewmag.com/?p=28233
Mon, 12 May 2025 11:51:35 +0000

At GISEC Global 2025, Positive Technologies showcased live demonstrations of sophisticated hacking techniques while emphasising the growing role of AI in both cyber attacks and defense. In an exclusive interview with Security Review, Ilya Leonov, Regional Director at Positive Technologies, revealed insights about the Middle East's evolving threat landscape, the company's work with regional governments, and why investing in human expertise remains critical despite advancing technologies.

Could you tell us about Positive Technologies’ presence at this year’s GISEC event and the solutions you’re showcasing?
This year at GISEC, we’re presenting our latest cybersecurity solutions with a strong focus on hands-on, practical expertise. At our stand, we’re demonstrating sophisticated attack techniques like direct memory access attacks and fault injection attacks – these show just how easily devices like laptops can be compromised. We’ve also significantly expanded our Hackosphere area compared to last year, featuring interactive engagements including soldering, device hacking, fixed attacks, and steganography challenges. We’ve doubled the size of this interactive space and hope to see twice the engagement as well.

How does participating in this event help you engage with regional companies?
We’re seeing tremendous participation from across industries – government representatives, oil and gas companies, financial institutions, and many partners. GISEC has established itself as one of the most efficient and prominent cybersecurity events not just in the UAE, but across the entire Middle East region.

Could you share your observations about the current threat landscape in the region and how you’re helping companies address these challenges?
Through our Threat Research Center – the largest in Eastern Europe – we continuously monitor critical infrastructure and analyse activity across the deep and dark web globally. In the Middle East specifically, we’re observing significant activity from APT groups, including state-sponsored hackers and hacktivists targeting critical national infrastructure. Their methods typically involve compromising internal organisational systems or creating backdoors, which they often then sell access to on dark web markets.

What challenges are companies facing regarding AI-powered attacks?
AI is undoubtedly the hot topic in cybersecurity right now. While AI capabilities are becoming increasingly sophisticated and powerful, I firmly believe human expertise remains irreplaceable. That said, we’re seeing substantial AI integration from both sides – threat actors are leveraging it for attacks while cybersecurity professionals are using it for defense. This dual adoption is creating significant impacts, and we anticipate this trend will continue growing over the next 5-10 years.

Are you collaborating with any local entities or governments to address these AI-related security challenges?
Absolutely. We’re actively working with local partners, government agencies, and regional companies to help them understand the AI threat landscape and demonstrate how AI and machine learning can be effectively used to protect their infrastructure.

What key advice would you give regional organisations looking to improve their security posture?
My fundamental recommendation is to invest in human capital. Knowledge and expertise are assets you can’t simply purchase – they need to be developed. An organisation might have the best security tools and infrastructure, but without capable personnel, these resources become ineffective. This is why we emphasise sharing our expertise – not just in defense strategies, but in incident response, investigations, and most importantly, in building local capabilities to elevate overall cybersecurity maturity levels.

Positive Technologies to Highlight AI Cyber Threats and Defense at GISEC 2025
https://securityreviewmag.com/?p=28075
Tue, 22 Apr 2025 07:48:56 +0000

Positive Technologies is joining GISEC Global 2025, one of the largest cybersecurity and technology exhibitions in the Middle East, on May 6–8 in Dubai. At the Positive Technologies booth (D 90, Hall 7), in-house experts will share their expertise in application security, industrial cybersecurity, and detection of cyberattacks in network traffic using PT Network Attack Discovery. The Positive Technologies team will also host workshops in the Hack-O-Sphere zone.

“Multiple countries in the Middle East have made significant strides in cybersecurity. However, organizations in the region remain an attractive target for cybercriminals, as our research shows,” says Ilya Leonov, Regional Director for MENA, Positive Technologies. “At GISEC Global 2025, we will focus on application security (AppSec) and operational technology security (OT security). Our team will share best practices for using PT Network Attack Discovery, which detects cybercriminal activity in the network traffic and also aids in incident investigation and proactive threat hunting. We’ll also be talking about a range of our other products and solutions to help you get real value from your cybersecurity investments. Additionally, our experts will demonstrate sophisticated attack methods and explain how to defend against them.”

Visitors to the Positive Technologies booth will have the opportunity to observe offensive security specialists simulating DMA attacks, using various devices to bypass defenses and gain access to valuable information. An accessible and user-friendly tool for chip security analysis will also be presented to GISEC participants. This tool, which simulates fault injection attacks, will be demonstrated in action, and the Positive Technologies team will deliver a workshop for cybersecurity professionals.

Positive Technologies will also be organizing four activities in the Hack-O-Sphere zone. At Fixathon, guests will have the opportunity to test their skills in fixing code vulnerabilities and improve their secure development skills. The second activity is dedicated to steganography: guests will be encouraged to find words hidden in the works of renowned artists and get acquainted with this fascinating method of information transmission. At the workshop on hacking devices, participants will learn how attackers exploit physical access vulnerabilities and how to defend against such attacks. At the soldering workshop, you’ll have the opportunity to craft a useful mini-gadget.

Researcher Finds New Way to Exploit Intel CPU Flaws
https://securityreviewmag.com/?p=28029
Fri, 04 Apr 2025 10:52:33 +0000

PT SWARM expert Mark Ermolov discovered a new exploitation vector for the vulnerabilities CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, CVE-2019-0090, and CVE-2021-0146, which Intel has already fixed. Previously, these issues only enabled partial compromise, but this new method can lead to a complete security breach of affected platforms.

The newly discovered approach to exploitation can be applied to attacks on devices equipped with Intel Pentium, Celeron, and Atom processors from the Denverton, Apollo Lake, Gemini Lake, and Gemini Lake Refresh series. Production of these chips has ended, yet they remain in embedded systems, such as automotive electronics, and in ultra-mobile devices, including e-readers and mini-PCs. Intel was notified in accordance with the responsible disclosure policy but rejected the described problem and refused to take measures to eliminate or reduce the threat level.

The main exploitation vector involves supply chain attacks. Attackers can embed spyware at the assembly or repair stage without altering the hardware. “This approach requires no soldering or any other physical modification,” said Ermolov. “Local access is enough to retrieve the encryption key and inject malicious code into Intel CSME firmware. These implants often slip under the radar of Intel Boot Guard, virtualization-based security (VBS), and antivirus solutions. They can operate unnoticed, capture user data, lock devices, erase or encrypt files, and carry out other destructive actions.”

A secondary risk involves exploiting these formerly patched flaws to bypass DRM safeguards, which can grant unauthorized access to content from various streaming services. The newly identified method also circumvents some Amazon e-reader protections, allowing threat actors to copy data on devices powered by vulnerable Intel Atom processors. Attackers can also use these tactics to access data on encrypted storage devices like hard drives or SSDs. This approach can target laptops or tablets built on the at-risk processors.

Positive Technologies Addresses a Vulnerability in the Veeam Service Provider Console
https://securityreviewmag.com/?p=27994
Fri, 28 Mar 2025 07:33:32 +0000

Backup solutions vendor Veeam Software eliminated a vulnerability in Veeam Service Provider Console, a management platform used by backup and disaster recovery service providers. The security flaw CVE-2024-45206 (BDU:2024-1170) was discovered by PT SWARM expert Nikita Petrov. The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch.

The SSRF vulnerability, rated 6.5 on the CVSS 3.0 scale, affected versions 7.x through 8.0.x. When exploited, this vulnerability could hypothetically expose companies to attacks on internal networks, since it allowed an attacker to send arbitrary HTTP requests to external or internal resources on behalf of the server. To address the vulnerability, users should promptly update to Veeam Service Provider Console version 8.1.0.21377 or later.

According to the vendor, Veeam solutions are used by more than 550,000 customers from different countries, including 74% of Forbes Global 2000 companies. According to publicly available search engines, the list of the most active users of Veeam products is headed by the United States, Germany, and France, while UAE ranks 32nd. Veeam has the largest market share among global data replication and protection software vendors and has been named a leader in Gartner’s Magic Quadrant for Enterprise Backup and Recovery Software Solutions report for eight years in a row.

Veeam Service Provider Console could potentially be attacked directly from the web. As of January 2025, open-source data indicated that there were 2587 vulnerable systems worldwide. The majority of installations are in the United States (26%), Türkiye (20%), Germany and Great Britain (6% each), Canada and France (5% each).

“Before the patch was released, the vulnerability primarily posed a risk to large enterprise segment companies—the main users of Veeam Service Provider Console,” said Nikita Petrov, a Senior Penetration Testing Specialist in the Security Analysis Department, Positive Technologies. “Attackers could initiate a request from the server to a resource that is not accessible from the outside and gain the ability to interact with it. This would allow them to obtain information about the victim’s network infrastructure and thus simplify the implementation and subsequent development of attacks. For example, one possible consequence of the penetration could be the exploitation of vulnerabilities present in internal systems.”
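The article gives no technical detail of the Veeam flaw, so the following is an added illustration, written for this page and not Veeam's or PT SWARM's code, of the defensive check that addresses the SSRF class described above: before a server fetches a user-supplied URL, every address the host resolves to is required to be globally routable. The function names, the `.example` hosts and their DNS answers are constructed assumptions so the block runs offline.

```python
# Added example (not Veeam's code or PT SWARM's research): an outbound-URL
# check of the kind that stops the SSRF class described above, where the server
# is talked into issuing HTTP requests to internal resources on a user's behalf.
# The resolver is injected and _FAKE_DNS is a constructed lookup table so the
# block runs offline; in production pass a wrapper around socket.getaddrinfo.
import ipaddress
from typing import Callable, Iterable, List
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]

# Constructed DNS answers. 93.184.216.34 is only a sample globally routable
# address; the other entries reproduce the cases a defender cares about.
_FAKE_DNS = {
    "vendor.example": ["93.184.216.34"],
    "metadata.example": ["169.254.169.254"],        # link-local (cloud metadata style)
    "dual.example": ["93.184.216.34", "10.0.0.5"],  # one public + one private answer
    "localhost": ["127.0.0.1"],
}


def fake_resolver(host: str) -> List[str]:
    """Stand-in for DNS resolution; unknown names get no answer."""
    return _FAKE_DNS.get(host.lower(), [])


class SsrfBlocked(ValueError):
    """Raised when the server must not issue the requested outbound fetch."""


def _is_public(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:10.0.0.1 is the private 10.0.0.1 in IPv6 form; judge the inner address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global already rejects loopback, link-local, RFC 1918/4193, CGNAT,
    # documentation ranges and unspecified; multicast is excluded explicitly.
    return ip.is_global and not ip.is_multicast


def check_outbound_url(url: str, resolve: Resolver = fake_resolver) -> List[str]:
    """Validate a user-supplied URL the server is about to fetch.

    Returns the vetted IP addresses; the caller should connect to one of these
    rather than re-resolving the name, so a DNS answer cannot change (rebind)
    between the check and the connection. Raises SsrfBlocked otherwise.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SsrfBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise SsrfBlocked("credentials in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise SsrfBlocked("URL has no host")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: no lookup needed
    except ValueError:
        addrs = list(resolve(host))
    if not addrs:
        raise SsrfBlocked(f"cannot resolve {host!r}")
    # Every answer must be public: a single internal record is enough to pivot.
    for addr in addrs:
        if not _is_public(addr):
            raise SsrfBlocked(f"{host!r} resolves to non-public address {addr}")
    return addrs


def is_fetch_allowed(url: str, resolve: Resolver = fake_resolver) -> bool:
    """Boolean convenience wrapper around check_outbound_url."""
    try:
        check_outbound_url(url, resolve)
        return True
    except SsrfBlocked:
        return False


if __name__ == "__main__":
    # Constructed sample of URLs a server-side fetch might be handed.
    for candidate in [
        "https://vendor.example/api/status",
        "http://metadata.example/latest/",
        "http://dual.example/",
        "http://127.0.0.1:8080/admin",
        "http://[::ffff:10.0.0.1]/",
        "http://[::1]/",
        "ftp://vendor.example/",
        "http://user@vendor.example/",
    ]:
        verdict = "ALLOW" if is_fetch_allowed(candidate) else "BLOCK"
        print(f"{verdict} {candidate}")
```

The HTTP client that performs the fetch must also be configured not to follow redirects on its own, with each Location header re-submitted to check_outbound_url, otherwise a public host can bounce the server to an internal one.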

This is not the first vulnerability in Veeam Software products that Positive Technologies experts have helped to fix. In 2022, Nikita Petrov discovered two security flaws at once in Veeam Backup & Replication, a popular backup system for automating backup and disaster recovery. Another flaw was discovered in Veeam Agent for Microsoft Windows, a Windows data backup software.

Positive Technologies Study Reveals Successful Cyberattacks Net 5X Profits
https://securityreviewmag.com/?p=27976
Tue, 25 Mar 2025 13:37:05 +0000

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

Generative AI in Cybersecurity: Transforming Defense Strategies and Navigating Risks
https://securityreviewmag.com/?p=27944
Thu, 20 Mar 2025 18:07:50 +0000

Alexey Lukatsky, Managing Director and Cybersecurity Business Consultant at Positive Technologies, highlights how generative AI is transforming the cybersecurity landscape. He emphasises its dual role as both a powerful tool for defense—enhancing threat detection, automating response, and improving readiness—and a potential risk, as it introduces new challenges like AI-driven cyberattacks and ethical concerns.

How is generative AI being utilized to enhance cybersecurity measures today?
Generative AI (GenAI) is revolutionizing cybersecurity by automating threat detection, accelerating incident response, and improving defense mechanisms. AI-driven security tools analyze vast amounts of data to detect anomalies, generate attack simulations, and optimize security policies in real time. In the UAE and the broader Middle East, financial institutions and critical infrastructure sectors are actively adopting AI to mitigate cyber threats.

For instance, Dubai’s Digital Protection Initiative integrates AI for real-time risk assessment in the financial sector. AI-powered SOC automation or autonomous SOCs are also on the rise, reducing false positives and improving analysts’ efficiency when there is a lack of qualified personnel.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
While GenAI enhances cybersecurity, it also introduces new attack vectors. Malicious actors can use AI to create highly convincing phishing emails, deepfake scams, and automated malware. Research by Positive Technologies found that AI-powered phishing attacks increased. Additionally, cybercriminals in the Middle East are using AI for social engineering attacks targeting financial institutions and government agencies. AI can also be exploited to bypass traditional security controls by generating code to evade detection, as demonstrated in a recent UAE-based cybercrime case involving AI-generated ransomware.

How can organizations leverage generative AI for proactive threat detection and response?
Organizations can use GenAI for threat intelligence automation, behavioral analytics, and predictive analytics. AI-driven SIEM, SOAR, and autonomous SOC solutions help detect early-stage cyber threats, reducing response time significantly. For example, MaxPatrol O2 prepares and implements a relevant response scenario to timely stop an attacker in less than 1 minute.

In the UAE, banks and telecom providers are deploying AI to identify fraud patterns in financial transactions. AI can also simulate cyberattacks, improving an organization’s response readiness through continuous penetration testing and attack surface analysis.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
Key ethical concerns include bias in AI decision-making, data privacy issues, and potential misuse of AI models. In the Middle East, where data protection laws such as ADGM’s Data Protection Regulation and DIFC’s Data Protection Law are evolving, organizations must ensure AI systems comply with local data privacy regulations. Transparency is essential—companies should implement explainable AI (XAI) models to prevent unjustified access restrictions or false accusations based on AI-driven assessments. Another concern is the use of AI for offensive cybersecurity purposes, which requires global regulations to prevent AI from escalating cyber conflicts.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
The biggest challenges include data quality issues, model explainability, and integration with legacy systems. AI models require massive datasets to function effectively, but many Middle Eastern organizations lack proper data structuring. Another challenge is the high cost of AI implementation, which is a barrier for smaller businesses. Moreover, security teams lack skilled AI professionals, making it difficult to manage AI-powered SOC operations. UAE’s Cyber Security Council has launched initiatives to train professionals in AI-driven cybersecurity, but the skills gap remains a major hurdle.

Are there any notable examples of generative AI successfully preventing or mitigating cyberattacks?
Yes. In Saudi Arabia’s banking sector, AI-powered fraud detection systems have prevented millions in financial losses by identifying suspicious transactions in real-time. Similarly, Dubai International Airport uses AI-driven anomaly detection to prevent data breaches in its network infrastructure. Another example is AI-driven endpoint protection, which has successfully blocked zero-day malware attacks in government institutions in the UAE.

How do you see generative AI evolving in the cybersecurity domain over the next few years?
AI in cybersecurity is expected to shift towards autonomous defense systems and real-time threat neutralization. AI-powered self-healing networks will enable organizations to detect and mitigate attacks without human intervention. AI-driven deception technology will also advance, tricking attackers with fake data. The UAE is investing in AI research and cybersecurity R&D, particularly in Abu Dhabi’s Hub71 and Dubai’s Cyber Security Strategy, which will likely drive AI adoption in critical infrastructure protection and smart city security.

Positive Technologies participated in GISEC 2024 and GITEX 2024 in Dubai, dedicating its expositions to the use of AI in security products. And we saw a huge interest in this area, which led to many pilot projects in government organizations, as well as in companies in the financial and oil sectors.

What role does human oversight (HITL) play in ensuring generative AI systems are effectively managing cybersecurity threats?
Human oversight is critical in AI-driven security to prevent false positives, biases, and misinterpretations. AI can detect threats, but human analysts provide context and decision-making expertise. UAE’s financial regulators require human verification in AI-powered fraud detection systems to avoid unnecessary account freezes. A hybrid AI-human approach is essential, where AI handles large-scale data analysis, while security experts focus on investigation and strategic response.

How can smaller organizations with limited budgets incorporate generative AI for cybersecurity?
Smaller businesses can leverage AI-powered cloud security solutions that offer cost-effective threat detection. Many vendors provide AI-driven SOC-as-a-Service solutions or AI-driven virtual Security Analyst-as-a-Service, allowing SMBs to use AI for endpoint protection and log analysis without large upfront investments. Open-source AI tools provide free or low-cost alternatives. In the Middle East, government initiatives, such as UAE’s Smart Protection Program, offer subsidized AI-driven security tools to support SMEs.

What best practices would you recommend for implementing generative AI tools while minimizing risks?

  1. Start with clear objectives: Define what AI should improve—threat detection, response automation, or risk assessment.
  2. Ensure regulatory compliance: Align AI implementation with UAE’s cybersecurity and data protection laws.
  3. Use explainable AI (XAI): Avoid “black-box” AI models that lack transparency in decision-making.
  4. Combine AI with human expertise: Use AI to enhance, not replace, security teams.
  5. Adopt a zero-trust architecture: AI-driven access control should work alongside strong identity verification.
  6. Conduct adversarial testing: Continuously test AI models against evolving threats to prevent exploitation.
  7. Monitor AI outputs regularly: Avoid over-reliance on AI-generated threat intelligence by validating its accuracy.
Positive Technologies Discovery Leads D-Link to Recommend Router Replacements
https://securityreviewmag.com/?p=27939
Wed, 19 Mar 2025 07:45:10 +0000

Vladimir Razov, an expert from the PT SWARM team, has discovered a vulnerability in several models of D-Link routers. According to Mordor Intelligence, D-Link is one of the top three Wi-Fi router manufacturers in the world. The vendor has been notified of the threat in line with the responsible disclosure policy and recommends that users switch to more recent devices.

The vulnerability, which is registered as BDU:2024-06211 with a CVSS 3.0 score of 8.4, affects the following D-Link models: DIR-878, DIR-882, DIR-2640-US, DIR-1960-US, DIR-2660-US, DIR-3040-US, DIR-3060-US, DIR-867-US, DIR-882-US, DIR-882/RE, DIR-882-CA, and DIR-882-US/RE. At the time of the research, vulnerable routers could be discovered using search engines in the United States, Canada, Sweden, China, Indonesia, and Taiwan.

According to the manufacturer, these models are no longer supported. D-Link recommends retiring the outdated devices and replacing them with supported devices that receive firmware updates. “If this vulnerability is successfully exploited, a malicious user authorized in the router’s web interface can compromise the entire device and gain access to all traffic passing through it,” says Vladimir Razov, Web Application Security Analyst at PT SWARM, the offensive security department at Positive Technologies.

As a temporary measure to mitigate the threat, Vladimir Razov recommends using OpenWrt (an open-source embedded operating system based on the Linux kernel and designed specifically for routers) or changing the login credentials for accessing the router’s web interface. Previously, Positive Technologies helped address vulnerabilities in Zyxel routers and other Zyxel devices. Positive Technologies also enhanced its PT Industrial Security Incident Manager (PT ISIM) with an additional expertise pack, enabling cybersecurity teams to detect attempts to exploit vulnerabilities in MikroTik routers and Cisco switches.

Positive Technologies to Host Positive Hack Talks in Cairo
https://securityreviewmag.com/?p=27819
Mon, 24 Feb 2025 12:21:16 +0000

Positive Technologies is set to host an open event for cybersecurity professionals in Cairo on 26th February. The event will bring together cybersecurity professionals, students, and aspiring researchers, both Russian and local, for an in-person exchange of knowledge and expertise.

Egypt is a regional leader in digital technology. Between 2022 and 2024, the number of internet users in the country increased by 6.3 million, exceeding 82 million. According to the 2023–2024 report by the International Telecommunication Union, Egypt was one of 12 nations to receive the highest rating in the Global Cybersecurity Index. Meanwhile, the rapid digitalization has caught the attention of cybercriminals: Positive Technologies ranks Egypt second in Africa for the number of cyberattacks, accounting for 13%.

In 2024, Positive Technologies uncovered over a hundred listings on dark web forums offering stolen databases for sale or free distribution. These databases contained confidential information belonging to Egyptian citizens and organizations. Most of the reports about data breaches involved individuals (40%), followed by e-commerce (22%), as well as the service and transportation sectors (10% each). One of the posts, for example, advertised the sale of personal data of 85 million Egyptian citizens. Safeguarding companies’ cybersecurity and protecting client data have become top priorities for both businesses and the government.

Dmitry Serebryannikov, Chief Hacking Officer at Positive Technologies, said, “The meetup in Cairo will mark a significant step forward in building a global community of cybersecurity experts. We see this as our mission: to share knowledge, collectively enhance security, and combat the rising tide of cyberthreats worldwide.”

Ilya Leonov, Regional Director for MENA, Positive Technologies, stated, “In Egypt, our company is represented through local partners: last year, we signed cooperation agreements with several providers of cybersecurity services and solutions in Egypt and the broader region. We will continue to expand our partner network in the Middle East and Africa, support the development of human resources through joint educational projects, and share our rich expertise and practical experience with our colleagues.”

At Positive Hack Talks in Cairo, speakers will cover key cybersecurity topics, including business logic vulnerabilities, client-side attacks, GraphQL security, and IoT exploitation. They include Ahmed Qaramany, Penetration Tester at DeepStrike, LLC, who will be demonstrating a structured approach to pentesting GraphQL; Fares Walid, Senior Security Consultant at Buguard, who will be exploring unconventional techniques for identifying business logic bugs and analyzing JavaScript; and Ksenia Naumova, Senior Malware Analyst at Positive Technologies, who will be sharing insights on detecting new threats using generic network rules. The event will also feature discussions on eBPF security, JVM fuzzing, and high-impact hacking techniques, offering attendees valuable knowledge and networking opportunities.

Positive Technologies kicked off its global meetup series in 2024. In October, an open cybersecurity event was held in Bengaluru (India), and in November, the meetups continued in Hanoi (Vietnam).

APT Groups Are Increasingly Targeting OT Systems https://securityreviewmag.com/?p=27759 Fri, 07 Feb 2025 09:57:04 +0000

Ilya Leonov, Regional Director for MENA at Positive Technologies, says many organisations rely on legacy OT systems with limited security controls, making them attractive targets for cybercriminals.

Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
Cyber threats to critical infrastructure in the MEA continue to rise due to geopolitical tensions and increasingly sophisticated threat actors. In response, governments are tightening regulations and emphasizing OT security. The focus is on proactive defence, compliance, and integrating advanced security frameworks to safeguard essential services from nation-state actors and cybercriminals.

What are the most notable trends in cyber attacks targeting these systems?
Advanced Persistent Threat (APT) groups are increasingly targeting OT systems within critical infrastructure. According to Positive Technologies research, these attacks are often highly sophisticated, persistent, and politically or financially motivated. To counter these threats, organizations must enhance their detection, prevention, and response capabilities, including establishing robust OT Security Operations Centers (SOCs) to monitor and mitigate threats in real time.

Which sectors in the MEA region are most vulnerable to cyber attacks, and why?
Our research reveals that the energy, water, transportation, and healthcare sectors are prime targets due to their critical role in national infrastructure. A breach in any one can trigger cascading failures across others. Additionally, many organizations rely on legacy OT systems with limited security controls, making them attractive targets for cybercriminals and state-sponsored attackers intent on causing widespread disruption.

What are the primary motivations behind cyber attacks on critical infrastructure in the MEA region?
Cyberattacks in the MEA region are primarily driven by geopolitical tensions, financial gains, and sabotage. Nation-state actors pursue strategic advantages, while cybercriminals exploit vulnerabilities for ransomware and data theft. Also, disruptive attacks can serve as a tool for economic or political pressure.

How important is employee training and awareness in preventing cyber attacks on critical infrastructure?
Employee training and awareness are crucial for safeguarding critical infrastructure. Human error remains one of the biggest cybersecurity risks, as a single mistake can compromise sophisticated security defences. Regular security training, phishing simulations, and awareness programs ensure employees recognize threats and act accordingly.

What role does proactive threat intelligence play in securing critical infrastructure systems?
Threat intelligence provides actionable insights into Indicators of Compromise (IOCs), emerging threats, and APT activities. Proactive intelligence enables organizations to detect and mitigate threats before they escalate, improving response times and enhancing overall security posture in critical infrastructure protection.

Are there any technologies being deployed to safeguard critical infrastructure in the region?
In the MEA region, security efforts include advanced technologies like AI, machine learning (ML), and Zero-Trust Architecture. While AI and ML enhance threat detection, automate response mechanisms, and reduce false positives, Zero-Trust enforces strict access controls, ensuring that only verified users and devices interact with critical systems, reducing attack surfaces.

What are the biggest challenges companies face in securing critical infrastructure in the MEA region?
Key challenges include a shortage of OT security expertise, reliance on outdated legacy systems, and limited security budgets. Organizations struggle to integrate modern cybersecurity solutions with existing infrastructure, making it essential to prioritize risk-based security strategies and workforce development.

What role do MEA governments play in regulating and enforcing cybersecurity standards for critical infrastructure?
MEA governments are actively introducing regulations and cybersecurity frameworks to strengthen critical infrastructure security. Compliance with these standards is essential for improving resilience. Public-private partnerships, threat intelligence sharing, and regulatory enforcement play a key role in raising cybersecurity maturity levels.

How can companies ensure business continuity while recovering from a cyber attack on their critical systems?
Effective incident response and recovery planning are crucial to maintaining business continuity after a cyber attack. Organizations must engage cybersecurity experts to contain threats, restore operations, and improve resilience. Business continuity strategies, including regular backups, disaster recovery plans, and cyber drills, ensure rapid recovery while minimizing operational and financial impact.
