Cyber Security
Cloud and IoT Vulnerabilities Expose Smart Cities and Industrial Systems to Cyber Risks

Ezzeldin Husein, the Regional Senior Director for Solution Engineering – META at SentinelOne, says cyberattacks on MEA’s critical infrastructure are becoming more sophisticated, with nation-state actors, ransomware gangs, and hacktivists targeting energy, finance, and transportation sectors.
Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
The cybersecurity landscape for critical infrastructure in the MEA region is evolving rapidly, driven by digital transformation, AI adoption, and geopolitical shifts. Governments and enterprises are investing in robust cybersecurity frameworks to protect energy, finance, and transportation sectors from escalating threats. Nation-state attacks, ransomware, and supply chain vulnerabilities remain key risks.
The UAE and Saudi Arabia lead regional efforts with AI-driven security, zero-trust models, and national cybersecurity strategies. However, challenges persist, including skills gaps, regulatory fragmentation, and balancing innovation with security. Strengthening cyber resilience through public-private collaboration and advanced threat intelligence is crucial to safeguarding MEA’s critical infrastructure.
What are the most notable trends in cyber attacks targeting these systems?
Cyberattacks on MEA’s critical infrastructure are becoming more sophisticated, with nation-state actors, ransomware gangs, and hacktivists targeting the energy, finance, and transportation sectors. Key trends include AI-powered attacks, deepfake-based social engineering, and supply chain compromises. Ransomware-as-a-Service (RaaS) is surging, often disrupting essential services.
Cloud and IoT vulnerabilities expose smart cities and industrial systems to cyber risks. Additionally, geopolitical tensions drive espionage and sabotage attempts on nuclear and AI projects. As MEA nations accelerate digital transformation, adversaries exploit gaps in cybersecurity maturity, making proactive threat intelligence, zero-trust architecture, and AI-driven defences essential for safeguarding critical infrastructure.
Which sectors in the MEA region are most vulnerable to cyber attacks, and why?
The MEA region’s energy, water, transportation, and healthcare sectors are highly vulnerable to cyberattacks due to their critical role in national security and economic stability. Energy infrastructure, including oil, gas, and power grids, is a prime target for nation-state attacks and ransomware, especially as nuclear initiatives expand. Water systems, reliant on IoT and SCADA, face risks of disruption.
Transportation networks, including ports and aviation, are exposed to ransomware and supply chain threats. Healthcare is increasingly targeted for patient data and system access. Legacy systems, cybersecurity gaps, and geopolitical tensions make these sectors attractive targets, necessitating robust cyber resilience strategies.
What are the primary motivations behind cyber attacks on critical infrastructure in the MEA region?
Cyberattacks on critical infrastructure in the MEA region are primarily driven by geopolitical, financial, and sabotage motivations. Geopolitical tensions lead to state-sponsored attacks, particularly on energy and nuclear assets, aimed at gaining strategic advantages or disrupting adversaries. Financial motives drive ransomware attacks, seeking monetary gain by targeting high-value sectors like energy and healthcare.
Sabotage is another key motivation, especially in critical sectors like water and transportation, where attackers aim to disrupt operations and create instability. These attacks are often compounded by regional political conflicts, technological dependencies, and the ongoing race for dominance in emerging industries like AI and nuclear power.
How important is employee training and awareness in preventing cyber attacks on critical infrastructure?
Employee training and awareness are crucial in preventing cyberattacks on critical infrastructure in the MEA region. Human error remains one of the leading causes of security breaches, with phishing and social engineering tactics often targeting employees. Regular training on recognising threats, following cybersecurity best practices, and understanding the importance of data protection can significantly reduce the risk of successful attacks.
Educating staff about emerging threats, secure use of digital tools, and incident response protocols strengthens the overall cybersecurity posture. By fostering a security-conscious culture, organisations can minimise vulnerabilities, ensuring robust defences against cyber threats targeting critical infrastructure.
What role does proactive threat intelligence play in securing critical infrastructure systems?
Proactive threat intelligence is essential for securing critical infrastructure systems in the MEA region. By continuously monitoring emerging threats, vulnerabilities, and attack techniques, organisations can identify and mitigate potential risks before they escalate. Threat intelligence enables early detection of cyberattacks, allowing for faster response times and minimising the impact on operations.
It also helps in forecasting future attack patterns, enabling better preparation and adaptive security strategies. Integrating threat intelligence into risk management processes improves decision-making, enhances situational awareness, and strengthens defences against advanced persistent threats (APTs), ransomware, and other targeted attacks, ensuring the resilience of critical infrastructure systems.
Are there any technologies being deployed to safeguard critical infrastructure in the region?
Yes, several advanced technologies are being deployed to safeguard critical infrastructure in the MEA region. AI and machine learning are increasingly used for threat detection, anomaly detection, and automated response, enhancing the ability to identify and mitigate emerging threats in real time. Zero-trust architecture is gaining traction, ensuring that no entity, whether internal or external, is trusted by default, reducing the risk of insider threats and lateral movement in case of breaches. Additionally, security automation tools and advanced encryption techniques are being utilised to strengthen data protection and network resilience, providing a multi-layered defence strategy for critical infrastructure.
What are the biggest challenges companies face in securing critical infrastructure in the MEA region?
Companies in the MEA region face significant challenges in securing critical infrastructure, including a lack of resources, outdated systems, and skilled workforce shortages. Many organisations still rely on legacy systems, which are vulnerable to modern cyber threats and are costly to update. The region also struggles with a shortage of cybersecurity talent, making it difficult to build and maintain robust defence systems.
Additionally, budget constraints and competing priorities often hinder investment in necessary security tools and technologies. Geopolitical tensions and regulatory complexities further complicate efforts, making it essential for companies to adopt comprehensive and agile cybersecurity strategies.
What role do MEA governments play in regulating and enforcing cybersecurity standards for critical infrastructure?
MEA governments play a crucial role in regulating and enforcing cybersecurity standards for critical infrastructure by establishing national cybersecurity frameworks and compliance mandates. Many countries have introduced sector-specific regulations, such as in energy, finance, and healthcare, to ensure the protection of critical assets.
Governments often collaborate with private sector stakeholders to create cybersecurity policies and best practices, while also imposing penalties for non-compliance. They support cybersecurity awareness and training initiatives to build a skilled workforce. Additionally, governments invest in cyber defence capabilities, and some form international alliances to tackle cross-border cyber threats and improve regional resilience.
How can companies ensure business continuity while recovering from a cyber attack on their critical systems?
Companies can ensure business continuity during recovery from a cyber attack by implementing a comprehensive incident response plan that includes backup systems and disaster recovery protocols. This plan should be regularly tested to ensure its effectiveness. Organisations should maintain offline backups of critical data and leverage cloud-based recovery solutions for quick restoration.
Employing a business continuity management system helps prioritise essential services and minimise downtime. In parallel, real-time monitoring and network segmentation can isolate affected systems, preventing further damage. Effective communication with stakeholders, along with robust cyber insurance coverage, ensures resilience and minimises the long-term impact of the attack.
Cloud
SentinelOne Simplifies Secure Cloud Migrations on AWS

SentinelOne today announced its participation in the Amazon Web Services (AWS) Independent Software Vendor (ISV) Workload Migration Program. This initiative supports AWS Partner Network (APN) members with SaaS offerings on AWS to accelerate and streamline workload migrations.
Through the program, SentinelOne will provide AWS customers with accelerated, secure cloud migration support, leveraging modern AI-powered CNAPP capabilities to ensure rapid and protected transitions. With access to AWS funding, technical resources, and go-to-market support, SentinelOne will help organizations reduce migration timelines and costs while maintaining robust security.
SentinelOne’s Singularity Cloud Security delivers real-time visibility and protection throughout the migration journey—whether from on-premises or another cloud—enabling a secure, seamless transition to AWS.
“Through our participation in the AWS ISV Workload Migration Program, SentinelOne is helping customers accelerate secure cloud migrations with end-to-end protection and visibility,” said Ric Smith, President of Product, Technology, and Operations at SentinelOne. “Whether moving from on-prem or another cloud to AWS, organizations can count on us to deliver the security they need throughout their journey—realizing the performance, speed, agility, and cost benefits of the cloud.”
Singularity Cloud Security combines agentless and agent-based protection for deep visibility, continuous posture management, and real-time threat detection across hybrid and multi-cloud environments. By collaborating with AWS and ecosystem partners, SentinelOne ensures seamless integration into migration projects, helping customers move faster, reduce risk, and scale confidently in the cloud.
Availability: SentinelOne’s solutions are available globally.
Cyber Security
Beyond Blocklists: How Behavioural Intent Analysis Can Safeguard Middle East Businesses from Rising AI-Driven Bot Threats

The Middle East is facing an unprecedented surge in AI-driven bot attacks, with malicious automation now outpacing traditional defenses. Mohammad Ismail, Vice President for EMEA at Cequence Security, warns that legacy tools like IP blocklists and rate limiting are no match for today’s sophisticated threats.
Cyber Security
Sophos Boosts Firewall with New Protection and Incident Response Features

Sophos has announced a significant update to its Sophos Firewall software, introducing enhanced protection and incident response capabilities. This update notably includes Sophos NDR Essential, a new feature now available free of charge to all customers holding an XStream Protection license for Sophos Firewall.
This integration empowers Sophos Firewall with two dedicated artificial intelligence (AI) engines specifically designed to detect both malware communications and those utilizing algorithmically generated domain names. This advanced functionality, derived from the Sophos Network Detection and Response (NDR) probe, aims to identify sophisticated malware communications even if they are previously unknown or not yet indexed. It serves as a powerful complement to the Active Threat Response capabilities already embedded within Sophos firewalls.

Addressing the technical demands of such advanced detection, Chris McCormack, Senior Product Marketing Manager at Sophos, explained the strategic approach: “NDR traffic analysis requires substantial processing power. That’s why we’ve adopted a new approach by deploying an NDR solution in Sophos Cloud to offload the heaviest tasks from the firewall.” This cloud-centric design ensures optimal performance without burdening the firewall’s on-device resources.
Beyond network detection, the update also brings significant improvements to connectivity and user authentication. Sophos Connect now integrates Entra ID for Single Sign-On (SSO). This new feature for the VPN client, bundled with Sophos Firewall, is set to enhance both the security and user experience for SSL and IPsec VPN connections. The integration with Entra ID (Azure AD) enables users to authenticate and leverage multi-factor authentication for both Sophos Connect and access to the user portal hosted by the firewall, streamlining secure access.
Further VPN-related enhancements include:
- Improved user interface and usability: Connection types have been renamed for greater clarity, with “site-to-site” now referred to as “policy-based” and tunnel interfaces as “route-based,” making configurations more intuitive.
- Dynamic validation of the IP address pool: For VPN connections (SSL VPN, IPsec, L2TP, and PPTP), the system now dynamically validates the allocated IP address pool, helping to better resolve potential IP address conflicts.
- Strict profile enforcement: IPsec profiles now exclude default values to ensure algorithm synchronization, effectively eliminating potential fragmentation of session negotiation packets that could otherwise prevent site-to-site VPN tunnels from being established.
- Route-based VPN and SD-RED scalability: The system has been optimized to support up to 3,000 simultaneously established tunnels. Specifically, Sophos Firewall solutions can now manage up to 1,000 SD-RED site-to-site tunnels and connect up to 650 concurrent SD-RED devices.
Additional management improvements enhance administrative flexibility and search capabilities:
- More flexible DHCP Prefix Delegation (IPv6 DHCP-PD): The system now supports a broader range of prefixes, from /48 to /64, improving compatibility with various internet service providers.
- Router Advertisement (RA) and DHCPv6 server: These features are now enabled by default, simplifying IPv6 network setup.
- Resizable table columns: The web admin interface continues its adaptation for ultra-wide screens, with many configuration pages now allowing users to resize columns as needed for improved usability.
- Enhanced object search functionality: The search field within the SD-WAN routing configuration screen now supports more granular criteria, including route name, ID, objects, and object values like IP addresses and domains. Similarly, local ACL rules now also support object name and value searches, extending to content-based searches for more precise results.
- Default configuration changes: To streamline initial setups, default firewall rules and rule groups previously created during new firewall deployments have been removed. The initial configuration now only includes the default network rule and MTA rules. Furthermore, the default firewall rule group and the default gateway probe for custom gateways are now set to “None” by default.
Sophos continues its commitment to cybersecurity through a “Secure by Design” approach, enhancing the intrinsic security of its firewalls. This methodology involves the containerization of specific features and rigorous integrity checks on critical operating system files using mathematical checksums. Any detected checksum mismatch triggers a potential compromise alert, enabling monitoring teams to proactively identify possible security incidents affecting the firewall OS integrity. This proactive detection allows incident response and development teams to react swiftly to critical security events.
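The checksum-baseline idea described above, as an added example that is not Sophos code and not part of the original article. SHA-256, the HMAC-protected manifest, the alert labels and all file names are assumptions made for illustration; the article only says “mathematical checksums”.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path, key: bytes) -> dict:
    """Record a known-good digest per file, then MAC the whole baseline."""
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(root: Path, manifest: dict, key: bytes) -> list:
    """Return (alert_kind, path) tuples; an empty list means no drift."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # A rewritten baseline must not be trusted: check its MAC first.
    if not hmac.compare_digest(expected, manifest["mac"]):
        return [("MANIFEST_TAMPERED", "*")]
    alerts = []
    current = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    for rel, digest in manifest["files"].items():
        if rel not in current:
            alerts.append(("MISSING", rel))
        elif sha256_file(root / rel) != digest:
            alerts.append(("MISMATCH", rel))
    alerts += [("UNEXPECTED", rel) for rel in sorted(current - set(manifest["files"]))]
    return alerts

def demo() -> list:
    key = b"constructed-demo-key"  # assumption: kept off the monitored host
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)  # constructed stand-in for a directory of OS files
        (root / "bin").mkdir()
        (root / "bin" / "init").write_bytes(b"original init")
        (root / "bin" / "fwd").write_bytes(b"original daemon")
        manifest = build_manifest(root, key)
        (root / "bin" / "fwd").write_bytes(b"patched daemon")  # modified file
        (root / "bin" / "implant").write_bytes(b"new file")    # added file
        return verify(root, manifest, key)
```

Checking the manifest's MAC before any file digest matters because a baseline stored beside the files it describes can be rewritten along with them.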
This update is now available for manual download and deployment by customers with any Sophos Firewall equipped with a valid license.