The OT-focused conference at GISEC Global tackled evolving risks, system vulnerabilities and strategies for securing critical infrastructure. Other important considerations included AI in ICS/OT Security, Quantum Computing Threat, Protecting ICS and SCADA Systems & Digital Supply Chains in the presence of top CISOs, CIOs, OT security heads and policy-makers to fortify SCADA, ICS and digital supply chains.

The global OT security market is projected to double to $44.9 billion by 2029 (as per Markets and Markets). According to research by IBM, the average cost of cyberattacks on organisations in the Middle East is $8.75 million, nearly double the global average. OT security encompasses advanced cybersecurity protocols designed to ensure the integrity, availability and safety of industrial control systems. As critical infrastructure faces escalating cyber threats, robust OT security is essential for maintaining continuity across the oil & gas, manufacturing, energy, transport and utility sectors.

In late 2024, ransomware groups accelerated attacks on industrial sectors, with manufacturing, transportation and ICS operations prime targets. Only aggressive defence, intelligence sharing and cross-sector collaboration will safeguard critical infrastructure into 2025 and beyond. The audience heard from experts on the need for modern OT protection which delved into precision AI, leveraging machine learning, deep learning and large language models.

Discussing cybersecurity threats in the maritime industry, where ships can hold up to 10,000 passengers, are driven autonomously and each country has their own set of AI regulations, Simone Fortin, Global CISO Cruise Division at MSC Cruise Division, called for streamlined regulations that can be applied to all countries around the world.

He said, “For an industry like maritime, which is regulated by the UN, it is hard to interpret how to prevent AI threats for something critical like managing a ship. The UN gives the policy a broader scale, but then everything is regulated by bilateral agreements between the states and the regulators, and implemented by companies; but then, everything is defined by the fact that you could be in international waters. And ships can be owned by one entity, managed by another while sailing under a separate flag.”

Bridging the gap between AI-powered cyber defence and critical infrastructure resilience, the OT Security Track also put the spotlight the escalating IoT/IIoT threats in the oil & gas sector, featuring frontline insights from global CISOs defending the world’s most targeted industries.

Amal Krishna, Executive Director & CISO, ONGC, said, “To combat the surge in OT cyberattacks, businesses must prioritise asset visibility, network segmentation and secure remote access – but equally critical is breaking down silos between IT, OT and engineering teams. Cyber resilience in critical infrastructure isn’t just about technology, it’s about collaboration, continuous monitoring and a security-first culture.”

Albert Vartic, Upstream OT Cybersecurity Officer, OMV Petrom, added, “Over the next five years, OT cybersecurity in the Middle East’s critical infrastructure will see significant evolution. The region’s rapid digitalisation has expanded the attack surface, making industrial systems more vulnerable – proactive measures like IEC 62443 adoption and cross-team collaboration will be essential to safeguard operational resilience.”

Exhibitors Ayman Al Issa (CPX) and Mohammed Mousa (CyberKnight) dissected the 49% surge in OT attacks, offering actionable defences for the energy, healthcare and manufacturing sectors. Mousa, OT/xIoT Consultant at CyberKnight, warns that legacy OT systems weren’t built for today’s threats.

He explained, “The escalation in intrusions is a consequence of accelerated digital transformation in industrial sectors. As organisations integrate IT and OT environments to improve efficiency and support the business, they inadvertently expand the threat surface. Furthermore, legacy systems remain in operation far beyond their intended lifespan and often lack native security controls. Meanwhile, increased reliance on remote access, third-party integrations, and limited OT-specific cybersecurity governance heightens exposure. Simply put, organisations are moving faster than their security strategies are evolving.”

For businesses and governments to stay ahead of cyber criminals, Al Issa, Director – OT Cybersecurity at CPX, emphasised the importance of undertaking risk and threat assessments to understand what assets are at risk and how potential attackers might target them, sooner rather than later. He said, “In today’s fast-shifting business landscape, organisations need to focus on identifying their most critical assets – those that are at the highest risk and that they care about the most, rather than trying to protect everything or plan for recovery across the entire business. As such, organisations should conduct in-depth threat and risk assessments specifically considering the unique characteristics of industrial control systems (ICS), including their physical consequences. This involves mapping out interdependence, potential attack vectors and consequences of downtime. Using threat intelligence and aligning with frameworks like CIS ICS Controls can help organisations monitor suspicious activity, manage vulnerabilities and create tailored incident response plans. Once this is clear, more targeted and practical defence measures can be put in place and continuously tested, using threat intelligence to stay ahead of evolving threats. Risk assessments should be continuous, evolving with technological changes and emerging threats and should be validated through regular penetration testing.”

Amr Elsayed, Regional OT/ICS Cybersecurity Specialist at CyberKnight, agrees, saying technology, collaboration and workforce training should be key priorities for businesses. He said, “To enhance OT security resilience against rising cyber threats, businesses should adopt a Zero Trust approach, enforcing least-privilege access and micro-segmentation to limit breach impact. Advanced real-time monitoring and threat intelligence sharing (ISACs, public-private partnerships) are critical for proactive defences. Additionally, maintaining accurate OT asset inventories, conducting OT-specific incident response drills and implementing risk-based vulnerability management (compensating controls, tailored patching) will strengthen security postures. Finally, OT-focused employee training ensures a security-aware workforce. By prioritising these measures – spanning technology, collaboration and workforce readiness – organisations can safeguard critical infrastructure, mitigate disruptions and build long-term cyber resilience in OT environments.”

With Middle East nations rapidly adopting digitisation into their day-to-day practices, the region is becoming a target for cyberattacks. However, the experts expect a number of measures to be put in place to protect cybersecurity infrastructure, and GISEC 2025 could be where policymakers and tech giants will draft the playbook. Al Issa added, “Over the next five years, we can expect a major shift toward structured, regulation-driven cybersecurity approaches. AI-driven OT threat detection, the widespread adoption of Zero Trust principles and deeper integration of compliance frameworks will define the regional OT cybersecurity landscape. Stricter regulatory frameworks and compliance mandates region-wide will push for better security practices.”

Organised by Dubai World Trade Centre, GISEC Global 2025 is hosted by the UAE Cybersecurity Council under the theme of ‘Securing an AI-Powered Future’, and supported by Dubai Electronic Security Center (DESC), UAE Ministry of Interior and Dubai Police.

This year’s participation underscores OPSWAT’s commitment to strengthening regional cybersecurity resilience as organizations face increasingly sophisticated threats. Attendees will have multiple opportunities to engage with OPSWAT’s cybersecurity experts through interactive demonstrations, thought leadership sessions, and specialized training programs.

Sertan Selcuk, Vice President for METAP and CIS, OPSWAT

“Our main focus at GISEC Global 2025 will be critical infrastructure, the lynchpin of economic progress and an increasingly popular target for threat actors,” said Sertan Selcuk, Vice President for METAP and CIS, OPSWAT. “Our partnerships will involve devising ways of protecting the interconnected systems and technologies that drive the Fourth Industrial Revolution. Through our demonstrations and discussions at GISEC 2025, OPSWAT experts will show how our solutions directly address the latest cybersecurity challenges, especially the ongoing merger of IT and OT.”

The company will showcase its innovative solutions through two unique exhibits. The CIP Mobile Lab, operated by OP/X Labs, will provide live demonstrations of industry-leading technologies designed to protect critical infrastructure. Visitors can gain practical insights into securing vital operational systems against modern cyber threats.

Complementing this will be OPSWAT’s Nuclear Plant Model Reactor display, illustrating the company’s specialized capabilities in securing highly sensitive environments. The exhibit will demonstrate real-world applications of OPSWAT’s technology through an interconnected display with the mobile lab.

OPSWAT’s experts will present across multiple stages during the three-day event:

1. On the opening day, security professionals can attend a live hacking demonstration on the Dark Stage, revealing current vulnerabilities in today’s threat landscape.
2. Day two features two significant presentations. Founder and CEO Benny Czarny will deliver a keynote address titled “Breaking the Firewall: Revolutionizing Cyber Defense for a Connected World” on the Government Stage. His session will challenge conventional security paradigms and propose innovative approaches to counter AI-driven threats and encrypted attacks.
3. Simultaneously, Director of Products and Solutions Kris Voorspoels will participate in a Critical Infrastructure Stage panel discussion examining security challenges in the regional oil and gas sector’s Industrial IoT (IIoT) ecosystem. The session will explore security implications of connected devices in petrochemical operations and strategies for protecting this vital economic sector.

Supporting the UAE National Cybersecurity Strategy’s capacity-building objectives, OPSWAT Academy will offer complimentary certification courses throughout the event. Professionals can earn credentials in File Security (OFSA), Secure Storage (OSSA), Email Security (OESA), Web Traffic Protection (OWPA), and Data Transfer Security (ODSA).

At GISEC Global 2025, OPSWAT will exhibit from Stand C55, Hall 7.

At this year’s event, AmiViz will be joined by six leading technology partners, each bringing unique capabilities to the cybersecurity ecosystem:

1. Sysdig – Real-Time Security for Cloud and Containers
2. Threatcop – People Security Management
3. Bitsight – Cyber Risk Management
4. ExtraHop – Cloud Native Network Detection and Response
5. RunZero – Total Attack Surface & Exposure Management
6. YesWeHack – Global Bug Bounty and Vulnerability Management Platform

These technologies span the full cybersecurity spectrum—from securing cloud-native environments and managing cyber risk to strengthening human defenses and identifying vulnerabilities before they can be exploited.

AmiViz’s participation underscores its ongoing commitment to empowering regional enterprises with comprehensive cybersecurity strategies. Visitors to the stand will have the opportunity to explore each of the featured solutions, engage directly with product experts, and attend insightful presentations on how these tools can be integrated into their existing security frameworks.

“GISEC is a cornerstone event for cybersecurity in the region,” said Ilyas Mohammed, Chief Operating Officer of Amiviz. “It provides a unique platform for us to showcase our growing portfolio of innovative technologies and to connect with decision-makers looking to enhance their cyber resilience. This year, our focus is on helping organizations build proactive, integrated defenses that are future-ready.”

“Multiple countries in the Middle East have made significant strides in cybersecurity. However, organizations in the region remain an attractive target for cybercriminals, as our research shows,” says Ilya Leonov, Regional Director for MENA, Positive Technologies. “At GISEC Global 2025, we will focus on application security (AppSec) and operational technology security (OT security). Our team will share best practices for using PT Network Attack Discovery, which detects cybercriminal activity in the network traffic and also aids in incident investigation and proactive threat hunting. We’ll also be talking about a range of our other products and solutions to help you get real value from your cybersecurity investments. Additionally, our experts will demonstrate sophisticated attack methods and explain how to defend against them.”

Visitors to the Positive Technologies booth will have the opportunity to observe offensive security specialists simulating DMA attacks, using various devices to bypass defenses and gain access to valuable information. An accessible and user-friendly tool for chip security analysis will also be presented to GISEC participants. This tool, which simulates fault injection attacks, will be demonstrated in action, and the Positive Technologies team will deliver a workshop for cybersecurity professionals.

Positive Technologies will also be organizing four activities in the Hack-O-Sphere zone. At Fixathon, guests will have the opportunity to test their skills in fixing code vulnerabilities and improve their secure development skills. The second activity is dedicated to steganography: guests will be encouraged to find words encrypted in the works of renowned artists and get acquainted with this fascinating method of information transmission. At the workshop on hacking devices, participants will learn how attackers exploit physical access vulnerabilities and how to defend against such attacks. At the soldering workshop, you’ll have the opportunity to craft a useful mini-gadget.