Cyber Security
Cloud and IoT Vulnerabilities Expose Smart Cities and Industrial Systems to Cyber Risks
Ezzeldin Husein, the Regional Senior Director for Solution Engineering – META at SentinelOne says cyberattacks on MEA’s critical infrastructure are becoming more sophisticated, with nation-state actors, ransomware gangs, and hacktivists targeting energy, finance, and transportation sectors
Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
The cybersecurity landscape for critical infrastructure in the MEA region is evolving rapidly, driven by digital transformation, AI adoption, and geopolitical shifts. Governments and enterprises are investing in robust cybersecurity frameworks to protect energy, finance, and transportation sectors from escalating threats. Nation-state attacks, ransomware, and supply chain vulnerabilities remain key risks.
The UAE and Saudi Arabia lead regional efforts with AI-driven security, zero-trust models, and national cybersecurity strategies. However, challenges persist, including skills gaps, regulatory fragmentation, and balancing innovation with security. Strengthening cyber resilience through public-private collaboration and advanced threat intelligence is crucial to safeguarding MEA’s critical infrastructure.
What are the most notable trends in cyber attacks targeting these systems?
Cyberattacks on MEA’s critical infrastructure are becoming more sophisticated, with nation-state actors, ransomware gangs, and hacktivists targeting the energy, finance, and transportation sectors. Key trends include AI-powered attacks, deepfake-based social engineering, and supply chain compromises. Ransomware-as-a-Service (RaaS) is surging, often disrupting essential services.
Cloud and IoT vulnerabilities expose smart cities and industrial systems to cyber risks. Additionally, geopolitical tensions drive espionage and sabotage attempts on nuclear and AI projects. As MEA nations accelerate digital transformation, adversaries exploit gaps in cybersecurity maturity, making proactive threat intelligence, zero-trust architecture, and AI-driven defences essential for safeguarding critical infrastructure.
Which sectors in the MEA region are most vulnerable to cyber attacks, and why?
The MEA region’s energy, water, transportation, and healthcare sectors are highly vulnerable to cyberattacks due to their critical role in national security and economic stability. Energy infrastructure, including oil, gas, and power grids, is a prime target for nation-state attacks and ransomware, especially as nuclear initiatives expand. Water systems, reliant on IoT and SCADA, face risks of disruption.
Transportation networks, including ports and aviation, are exposed to ransomware and supply chain threats. Healthcare is increasingly targeted for patient data and system access. Legacy systems, cybersecurity gaps, and geopolitical tensions make these sectors attractive targets, necessitating robust cyber resilience strategies.
What are the primary motivations behind cyber attacks on critical infrastructure in the MEA region?
Cyberattacks on critical infrastructure in the MEA region are primarily driven by geopolitical, financial, and sabotage motivations. Geopolitical tensions lead to state-sponsored attacks, particularly on energy and nuclear assets, aimed at gaining strategic advantages or disrupting adversaries. Financial motives drive ransomware attacks, seeking monetary gain by targeting high-value sectors like energy and healthcare.
Sabotage is another key motivation, especially in critical sectors like water and transportation, where attackers aim to disrupt operations and create instability. These attacks are often compounded by regional political conflicts, technological dependencies, and the ongoing race for dominance in emerging industries like AI and nuclear power.
How important is employee training and awareness in preventing cyber attacks on critical infrastructure?
Employee training and awareness are crucial in preventing cyberattacks on critical infrastructure in the MEA region. Human error remains one of the leading causes of security breaches, with phishing and social engineering tactics often targeting employees. Regular training on recognising threats, following cybersecurity best practices, and understanding the importance of data protection can significantly reduce the risk of successful attacks.
Educating staff about emerging threats, secure use of digital tools, and incident response protocols strengthens the overall cybersecurity posture. By fostering a security-conscious culture, organisations can minimise vulnerabilities, ensuring robust defences against cyber threats targeting critical infrastructure.
What role does proactive threat intelligence play in securing critical infrastructure systems?
Proactive threat intelligence is essential for securing critical infrastructure systems in the MEA region. By continuously monitoring emerging threats, vulnerabilities, and attack techniques, organisations can identify and mitigate potential risks before they escalate. Threat intelligence enables early detection of cyberattacks, allowing for faster response times and minimising the impact on operations.
It also helps in forecasting future attack patterns, enabling better preparation and adaptive security strategies. Integrating threat intelligence into risk management processes improves decision-making, enhances situational awareness, and strengthens defences against advanced persistent threats (APTs), ransomware, and other targeted attacks, ensuring the resilience of critical infrastructure systems.
Are there any technologies being deployed to safeguard critical infrastructure in the region?
Yes, several advanced technologies are being deployed to safeguard critical infrastructure in the MEA region. AI and machine learning are increasingly used for threat detection, anomaly detection, and automated response, enhancing the ability to identify and mitigate emerging threats in real time. Zero-trust architecture is gaining traction, ensuring that no entity, whether internal or external, is trusted by default, reducing the risk of insider threats and lateral movement in case of breaches. Additionally, security automation tools and advanced encryption techniques are being utilised to strengthen data protection and network resilience, providing a multi-layered defence strategy for critical infrastructure.
What are the biggest challenges companies face in securing critical infrastructure in the MEA region?
Companies in the MEA region face significant challenges in securing critical infrastructure, including a lack of resources, outdated systems, and skilled workforce shortages. Many organisations still rely on legacy systems, which are vulnerable to modern cyber threats and are costly to update. The region also struggles with a shortage of cybersecurity talent, making it difficult to build and maintain robust defence systems.
Additionally, budget constraints and competing priorities often hinder investment in necessary security tools and technologies. Geopolitical tensions and regulatory complexities further complicate efforts, making it essential for companies to adopt comprehensive and agile cybersecurity strategies.
What role do MEA governments play in regulating and enforcing cybersecurity standards for critical infrastructure?
MEA governments play a crucial role in regulating and enforcing cybersecurity standards for critical infrastructure by establishing national cybersecurity frameworks and compliance mandates. Many countries have introduced sector-specific regulations, such as in energy, finance, and healthcare, to ensure the protection of critical assets.
Governments often collaborate with private sector stakeholders to create cybersecurity policies and best practices, while also imposing penalties for non-compliance. They support cybersecurity awareness and training initiatives to build a skilled workforce. Additionally, governments invest in cyber defence capabilities, and some form international alliances to tackle cross-border cyber threats and improve regional resilience.
How can companies ensure business continuity while recovering from a cyber attack on their critical systems?
Companies can ensure business continuity during recovery from a cyber attack by implementing a comprehensive incident response plan that includes backup systems and disaster recovery protocols. This plan should be regularly tested to ensure its effectiveness. Organisations should maintain offline backups of critical data and leverage cloud-based recovery solutions for quick restoration.
Employing a business continuity management system helps prioritise essential services and minimise downtime. In parallel, real-time monitoring and network segmentation can isolate affected systems, preventing further damage. Effective communication with stakeholders, along with robust cyber insurance coverage, ensures resilience and minimises the long-term impact of the attack.
Vladimir Razov, an expert from the PT SWARM team, has discovered a vulnerability in several models of D-Link routers. According to Mordor Intelligence, D-Link is one of the top three Wi-Fi router manufacturers in the world. The vendor has been notified of the threat in line with the responsible disclosure policy and recommends that users switch to more recent devices.
The vulnerability, which is registered as BDU:2024-06211 with a CVSS 3.0 score of 8.4, affects the following D-Link models: DIR-878, DIR-882, DIR-2640-US, DIR-1960-US, DIR-2660-US, DIR-3040-US, DIR-3060-US, DIR-867-US, DIR-882-US, DIR-882/RE, DIR-882-CA, and DIR-882-US/RE. At the time of the research, vulnerable routers could be discovered using search engines in the United States, Canada, Sweden, China, Indonesia, and Taiwan.
According to the manufacturer, these models are no longer supported. D-Link recommends retiring the outdated devices and replacing them with supported devices that receive firmware updates. “If this vulnerability is successfully exploited, a malicious user authorized in the router’s web interface can compromise the entire device and gain access to all traffic passing through it,” says Vladimir Razov, Web Application Security Analyst at PT SWARM, the offensive security department at Positive Technologies.
As a temporary measure to mitigate the threat, Vladimir Razov recommends using OpenWrt (an open-source embedded operating system based on the Linux kernel and designed specifically for routers) or changing the login credentials for accessing the router’s web interface. Previously, Positive Technologies helped address vulnerabilities in Zyxel routers and other Zyxel devices. Positive Technologies also enhanced its PT Industrial Security Incident Manager (PT ISIM) with an additional expertise pack, enabling cybersecurity teams to detect attempts to exploit vulnerabilities in MikroTik routers and Cisco switches.
Leading cybersecurity provider Sophos has released findings from a new study quantifying the financial impact of various cybersecurity controls on cyber insurance claims. The research compares the effect of endpoint solutions, EDR/XDR technologies, and MDR services on claim amounts, offering valuable insights for both insurers and organizations.
Sally Adam, Senior Director, Solution Marketing at Sophos, said, “Every year, organisations spend huge amounts of money on their cybersecurity. By quantifying the impact of controls on the outcome of cyberattacks, this study enables them to focus their investments on the most cost-effective options. At the same time, insurers have a major influence on cybersecurity spending through the controls they require of organisations wishing to be covered and the discounts they offer when a given scheme is in place. This study enables them to encourage investments that can make a real difference to incident outcomes and the resulting claim amounts.”
The Sophos study reveals a dramatic difference in cyber insurance claims: organizations using MDR services claim a median compensation of just $75,000, a staggering 97.5% less than the $3 million median claimed by organizations relying solely on endpoint solutions. This means that endpoint-only users typically claim 40 times more in the event of an attack. The study attributes this significant reduction to the rapid threat detection and blocking capabilities of MDR services, which can effectively prevent extensive damage.
The study also highlights a clear benefit to combining EDR or XDR with endpoint solutions, as the average insurance claim for users of these tools is just $500,000, which is one-sixth of the $3 million average claim for those using only endpoint solutions.
The Sophos study indicates that the predictability of cyber insurance claims varies significantly depending on the security controls in place. Claims from organizations utilizing MDR services show the highest predictability, suggesting consistent and reliable threat mitigation. This is likely due to the 24/7 expert monitoring, investigation, and response that allows for swift action against threats at any time. Conversely, claims from users of EDR/XDR tools are the least predictable, implying that their effectiveness in preventing major damage heavily depends on the user’s expertise and speed of response.
The Sophos study also reveals significant differences in recovery times from ransomware attacks. Endpoint solution users average a 40-day recovery, while EDR/XDR users take the longest at 55 days. In stark contrast, organizations using MDR services recover the fastest, with an average downtime of just three days. These findings underscore MDR’s effectiveness in minimizing the impact of cyberattacks and highlight the less predictable recovery experiences associated with EDR/XDR tools, whose success is dependent on user expertise.
Adam concludes, “The research confirms what many people instinctively know: the type of security solution used has a significant impact on cyber insurance claims. Cyberattacks are inevitable, but defences are not. These results are a useful tool for organisations wishing to optimise their cyber defence and their return on investment in cybersecurity. They will also be useful for insurers looking to reduce their exposure and offer suitable policies to their customers.”
Fortinet has enhanced its OT Security Platform to better protect critical infrastructure from modern cyberthreats. The upgraded platform offers more than basic OT visibility with the new FortiGuard OT Security Service, expanded hardened solutions for network segmentation and 5G in demanding environments, and an improved OT SecOps portfolio for automated threat response and compliance management.
“Fortinet has been building an industry-leading OT Security Platform for 20-plus years and remains at the forefront of OT security innovation,” said Nirav Shah, Senior Vice President, Products and Solutions at Fortinet. “As cyberthreats against critical infrastructure and across industries such as energy, transportation, and manufacturing continue to grow, Fortinet remains committed to delivering comprehensive security solutions tailored for operational technology environments. These latest enhancements give organizations the tools they need to improve their OT security posture and adhere to regulatory requirements—all managed through a single, unified platform.”
The latest Fortinet OT Security Platform enhances OT security with:
- Advanced Threat Protection: New FortiGate Rugged NGFWs combined with the enhanced FortiGuard OT Security Service offer superior security enforcement, detecting threats using over 3,300 OT protocol rules, nearly 750 OT IPS rules, and 1,500 virtual patching rules. This protects against known exploited vulnerabilities and provides virtual patching for older OT systems. Secure remote access is also improved with updates to FortiSRA, including enhanced secrets and password management.
- Secure Segmentation: The new FortiSwitch Rugged 108F and FortiSwitch Rugged 112F-POE industrial-grade switches enable precise security control at the port level, preventing unauthorized lateral movement within OT networks. Built on Fortinet’s unified FortiOS, these switches simplify network and security management.
- Resilient Connectivity: Two new ruggedized 5G solutions are introduced: the IP67-rated FortiExtender Rugged 511G for secure, high-speed connectivity to remote OT sites, and the IP64-rated FortiExtender Vehicle 511G for fleet vehicles. Both feature embedded Wi-Fi 6 and new eSIM capabilities for easier carrier selection.
- Enhanced OT SecOps: Fortinet’s AI-driven security operations capabilities are strengthened with updates to FortiAnalyzer 7.6 and FortiDeceptor 6.1, offering deeper threat insights and simplified compliance reporting for OT security teams. FortiNDR Cloud now includes OT protocol support for threat hunting, while FortiNDR (on-premises) adds features like a Purdue Model view and a device inventory covering OT and the Mitre ATT&CK ICS Matrix.
The Fortinet OT Security Platform delivers a unified view and comprehensive security tools to simplify the management of OT and remote site security. It empowers organizations to easily assess, secure, and report on risks, including meeting complex regulatory compliance. Fortinet uniquely offers seamless segmentation and a complete ruggedized portfolio of OT security solutions all managed by a single operating system, FortiOS. Its deep integration within the Fortinet Security Fabric makes it a leading platform in the industry, providing an effective, efficient, and holistic approach to OT security and compliance that surpasses standard offerings.
Positive Technologies Discovery Leads D-Link to Recommend Router Replacements
Sophos Study: MDR Users Claim 97.5% Less in Cyber Insurance
Fortinet Strengthens OT Security for Critical Infrastructure
ManageEngine’s Open API Platform Enables Unified, Customisable Security Analytics
AI-Driven Deception: A New Face of Corporate Fraud
UAE Cyber Security Council and CPX Unveil Cybersecurity Report 2025
Proactive Threat Intelligence is Essential in Securing Critical Infrastructure
“We Can All Do Better By Treating Women in Tech as Equals”
Supply Chain Vulnerabilities Are Becoming a Growing Concern
“Having Mentors Who Believe in You Can Make All the Difference”
UAE Workforce in 2025: Cybercrime, Stress, and Burnout Take the Spotlight
Video: Toshiba Presents Latest Hard Drives and QNAP NAS System Live Demo at INTERSEC 2025
Video: Toshiba Showcases its Latest Hard Disk Drives Through Live Demos at Intersec 2025
Video: Interview with Meriam ElOuazzani of SentinelOne
Video: Interview with Fred Crehan of Confluent at GITEX Global 2024
-
Artificial Intelligence1 week ago89% of Companies Update AI Data Strategies, But Gaps Remain
-
Cyber Security1 week agoHalcyon Launches 24/7 Ransomware Detection and Recovery (RDR) Solution
-
News1 week agoMatrix Announces IoTSCS-ER Compliant Network Cameras Certified by STQC
-
Artificial Intelligence1 week agoKaspersky Detects Sophisticated Scam Using DeepSeek AI
-
Artificial Intelligence6 days agoUiPath Acquires Peak to Drive Next-Gen AI Decision Intelligence
-
Cyber Security1 week agoForcepoint to Acquire Getvisibility
-
Cyber Security1 week agoNew Research from Palo Alto Networks and Siemens on OT Security Risks
-
Cyber Security6 days agoGroup-IB Outs High-Tech Crime Trends Report 2025 for META