Cyber Security
A Reliable Data Backup Strategy is Very Important

Sertan Selcuk, Vice President of METAP and CIS Regions at OPSWAT, says hackers are now targeting third-party vendors, companies that have access to critical infrastructure but often have less robust security measures.
Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
The cybersecurity landscape for critical infrastructure in the Middle East and Africa (MEA) region is one of both immense opportunity and significant risk. As digital transformation accelerates across industries like energy, healthcare, and transportation, the need to protect vital infrastructure is becoming even more urgent.
The region has always been strategically important, and now, with the growing complexity of the global geopolitical environment and the continued digitisation of everything from industrial control systems to cloud platforms, the attack surface is rapidly expanding. We’re seeing a combination of increasingly sophisticated, state-sponsored threats alongside an uptick in financially motivated attacks from cybercriminals. The regional challenges are unique, given the variety of government approaches to cybersecurity and varying levels of infrastructure maturity.
But at its core, the MEA region is dealing with the same overarching issue: the gap between the speed of technological innovation and the speed at which security measures can evolve to match these new threats.
What are the most notable trends in cyber attacks targeting these systems?
If there’s one thing we’ve seen in recent years, it’s that the diversity of attack methods has dramatically increased. Ransomware is still a significant threat—attackers are targeting critical sectors like healthcare and energy, knowing that they can disrupt essential services and demand large ransoms. But what’s more concerning is the rise in advanced persistent threats (APTs). Nation-state actors are not only after financial gain—they’re after strategic advantage, stealing intellectual property or trying to destabilise key regions. In some cases, these attacks are also focused on geopolitical leverage.
Another major trend we’re seeing is the exploitation of supply chains. Hackers are now targeting third-party vendors—companies that have access to critical infrastructure but often have less robust security measures. It’s a classic example of how an attack doesn’t always come directly through your organisation but via a trusted partner. Lastly, IoT vulnerabilities are becoming more apparent as we digitise our energy grids, healthcare systems, and transportation networks. These IoT devices are often not properly secured, making them a prime target for cybercriminals.
Which sectors in the MEA region are most vulnerable to cyber attacks, and why?
I believe the energy sector stands out as one of the most vulnerable in the MEA region. Countries that rely on oil and gas for economic stability, like Saudi Arabia and the UAE, face constant threats from state-sponsored cyber actors trying to disrupt operations or steal valuable data. It’s not just about cybercriminals; these attacks are highly sophisticated, driven by geopolitical motivations.
The healthcare sector is another area of concern. With digital health records, connected devices, and the overall shift toward telemedicine, the healthcare system in many parts of MEA has become increasingly digitised—and underprotected. Ransomware attacks targeting hospitals can be devastating, especially when attackers hold critical systems hostage, which is exactly what we saw in the past few years.
Then, we can’t ignore transportation. Whether it’s maritime shipping or air traffic, these sectors are essential for global trade, and a cyber-attack could have significant ripple effects across the world’s supply chain. Port infrastructure in the region, which is key for both regional and global trade, has become a frequent target for both financial and strategic motives.
What are the primary motivations behind cyber attacks on critical infrastructure in the MEA region?
When it comes to motivation, the drivers are multi-layered. Geopolitical tension is a major factor. A lot of the attacks we’re seeing aren’t just about stealing data or holding a company ransom—they are about sending a message or destabilising a government or economy. The energy sector, for example, is frequently targeted by actors seeking to disrupt the regional balance of power.
But financial gain is still a huge motivator, especially in sectors like healthcare and financial services. Ransomware operators know that shutting down vital services is a quick way to demand a ransom, and unfortunately, these industries often have no choice but to pay to get systems back online.
Then there’s the classic case of cyber sabotage, where an attack is purely designed to cause disruption. This could be in an effort to undermine trust in a government or to cause chaos during a period of political instability. These are often less about stealing data and more about sending a political message or leveraging cyberattacks to further a larger agenda.
How important is employee training and awareness in preventing cyber attacks on critical infrastructure?
One of the most important lessons I’ve learned over my career is that people are the weakest link in cybersecurity. No matter how advanced your technical systems are, if your employees aren’t properly trained to recognise threats—like phishing emails or suspicious links—you’ll always have vulnerabilities. Employee training and awareness are critical.
It’s not just about sending out a checklist of best practices, either. It’s about creating a culture of cybersecurity across your organisation, where everyone—from the top down—understands the risks and the role they play in preventing them. We need to empower individuals to spot threats early and respond appropriately. I can’t overstate how essential it is for leadership to take this seriously and lead by example.
What role does proactive threat intelligence play in securing critical infrastructure systems?
Proactive threat intelligence is more critical than ever in the current cybersecurity environment. Threat actors today are faster, smarter, and more persistent, so waiting until an attack occurs to react simply isn’t enough. By tapping into threat intelligence, organisations can stay ahead of emerging risks, whether it’s a new attack vector or a shift in attack tactics from a known adversary. Real-time intelligence, for example, can help identify vulnerabilities before they’re exploited, so that organisations can adjust their defenses ahead of time. Sharing intelligence between governments, private organisations, and even across borders allows for a more collective approach to mitigating risk.
Are there any technologies being deployed to safeguard critical infrastructure in the region?
There’s no silver bullet when it comes to securing critical infrastructure, but AI and machine learning are becoming game changers. These technologies can identify abnormal patterns and suspicious activities faster than a human ever could. They’re excellent for proactive defense, helping to detect zero-day attacks or even malware that hasn’t been seen before.
Another critical trend is the adoption of zero-trust architecture. In a region where critical infrastructure spans multiple sectors and often connects with external networks, zero-trust principles—where verification is required for every user, device, and network interaction—are helping to minimise the risk of unauthorised access. Encryption is also key, particularly for protecting sensitive data as it moves between systems or is stored in cloud environments. Secure data transmission and storage should be non-negotiable, especially in industries like healthcare and energy, where the stakes are incredibly high.
What are the biggest challenges companies face in securing critical infrastructure in the MEA region?
I think one of the biggest challenges we face in the MEA region is the lack of resources—specifically, skilled professionals and budget for adequate cybersecurity investments. A shortage of cybersecurity talent continues to be an issue, especially as threats evolve. There’s a constant battle to hire and retain the best talent, and many organisations are underprepared.
Legacy systems also remain a huge hurdle. Critical infrastructure often depends on old, outdated systems that weren’t designed with modern cybersecurity in mind. Modernising these systems without disrupting services is a major challenge, but it’s one that organisations must tackle.
Finally, inconsistent regulation across countries can be a major stumbling block. While some governments have made great strides in regulating cybersecurity, others are still lagging behind. Without consistent, region-wide standards, it’s hard for businesses to implement a comprehensive cybersecurity strategy that meets the necessary compliance requirements.
What role do MEA governments play in regulating and enforcing cybersecurity standards for critical infrastructure?
Governments in the region are starting to realise that cybersecurity is no longer a luxury, but a necessity. Countries like the UAE and Saudi Arabia have been proactive in establishing national cybersecurity strategies, and these efforts are a step in the right direction. However, the enforcement of these regulations is still a work in progress. For many organisations in the region, navigating the patchwork of national regulations can be a challenge. What we need is a more harmonised approach across MEA that allows companies to meet consistent standards, reducing the complexity of compliance and making it easier for businesses to implement effective security measures.
How can companies ensure business continuity while recovering from a cyber attack on their critical systems?
When it comes to ensuring business continuity after a cyber attack, the key is preparedness. Organisations need to have detailed incident response plans in place, backed up by strong recovery protocols. A good plan not only helps you respond quickly, but it also ensures that you’re communicating effectively with stakeholders throughout the process. I’m a firm believer that businesses should be practicing their response to cyber incidents as if they’re real—because when an attack happens, it’s no time to learn on the fly.
One of the most important things to have in place is a reliable data backup strategy. Regular backups are essential for minimising downtime. And once the systems are back online, it’s essential to conduct a thorough post-incident review. This review isn’t just about identifying what went wrong but also about adapting and strengthening defenses to ensure that you’re better prepared next time.
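The interview stresses that backups must be reliable, not merely regular. The script below is an added example, not part of the interview or any OPSWAT material: it records a SHA-256 manifest when a file tree is backed up, stores the manifest outside the backup copy, and later verifies the copy against it, reporting files that are missing, modified or unexpectedly added. The directory layout, file names and the simulated ransomware tampering are constructed for the demonstration.

```python
"""Backup integrity check: build a manifest at backup time, verify it later.

Added example (not from the interview or OPSWAT). It assumes a plain
file-tree backup; the sample files and the tampering scenario in demo()
are constructed for illustration.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB chunks so large backups do not load into memory


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file (path relative to root) to its SHA-256 digest and size."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return manifest


def back_up(src: Path, dst: Path) -> Path:
    """Copy the tree to dst and write the manifest next to (not inside) the copy.

    Keeping the manifest outside the backup tree means an attacker who
    encrypts or deletes backup files cannot silently 'fix' the manifest
    as part of the same write.
    """
    shutil.copytree(src, dst)
    manifest_path = dst.with_name(dst.name + ".manifest.json")
    manifest_path.write_text(json.dumps(build_manifest(src), indent=2, sort_keys=True))
    return manifest_path


def verify(backup: Path, manifest_path: Path) -> dict:
    """Compare a backup tree against its manifest.

    Returns {"ok": bool, "missing": [...], "modified": [...], "extra": [...]}
    so a scheduled job can alert on anything other than ok=True.
    """
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(backup)
    missing = sorted(set(expected) - set(actual))
    extra = sorted(set(actual) - set(expected))
    modified = sorted(
        p for p in expected.keys() & actual.keys()
        if expected[p]["sha256"] != actual[p]["sha256"]
    )
    return {"ok": not (missing or extra or modified),
            "missing": missing, "modified": modified, "extra": extra}


def demo() -> tuple:
    """Constructed scenario: back up a small tree, verify it, then simulate
    ransomware touching the backup copy (one file encrypted, one deleted,
    a ransom note added) and verify again."""
    with tempfile.TemporaryDirectory() as tmpdir:
        tmp = Path(tmpdir)
        src = tmp / "scada-config"                       # constructed sample data
        (src / "plc").mkdir(parents=True)
        (src / "plc" / "ladder.xml").write_text("<ladder>rung 1</ladder>")
        (src / "historian.db").write_bytes(os.urandom(4096))

        backup = tmp / "backup-2024-06-01"
        manifest = back_up(src, backup)
        clean = verify(backup, manifest)                 # expected: ok=True

        # Simulated attacker activity against the backup copy itself.
        (backup / "plc" / "ladder.xml").write_bytes(os.urandom(64))   # "encrypted"
        (backup / "historian.db").unlink()                           # deleted
        (backup / "README.locked").write_text("pay us")              # ransom note
        tampered = verify(backup, manifest)              # expected: ok=False
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean backup:", before)
    print("after tampering:", after)
```

A manifest check catches silent corruption and tampering of the copy, which is the failure mode that turns a "regular" backup into an unusable one during an incident. It is not a substitute for a periodic test restore onto clean hardware, and the manifest should itself live on separate, ideally write-once storage; signing it with a key the backup host does not hold is the natural next step.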
Positive Technologies Discovery Leads D-Link to Recommend Router Replacements

Vladimir Razov, an expert from the PT SWARM team, has discovered a vulnerability in several models of D-Link routers. According to Mordor Intelligence, D-Link is one of the top three Wi-Fi router manufacturers in the world. The vendor has been notified of the threat in line with the responsible disclosure policy and recommends that users switch to more recent devices.
The vulnerability, which is registered as BDU:2024-06211 with a CVSS 3.0 score of 8.4, affects the following D-Link models: DIR-878, DIR-882, DIR-2640-US, DIR-1960-US, DIR-2660-US, DIR-3040-US, DIR-3060-US, DIR-867-US, DIR-882-US, DIR-882/RE, DIR-882-CA, and DIR-882-US/RE. At the time of the research, vulnerable routers could be discovered using search engines in the United States, Canada, Sweden, China, Indonesia, and Taiwan.
According to the manufacturer, these models are no longer supported. D-Link recommends retiring the outdated devices and replacing them with supported devices that receive firmware updates. “If this vulnerability is successfully exploited, a malicious user authorized in the router’s web interface can compromise the entire device and gain access to all traffic passing through it,” says Vladimir Razov, Web Application Security Analyst at PT SWARM, the offensive security department at Positive Technologies.
As a temporary measure to mitigate the threat, Vladimir Razov recommends using OpenWrt (an open-source embedded operating system based on the Linux kernel and designed specifically for routers) or changing the login credentials for accessing the router’s web interface. Because exploitation requires an account that is already authorised on the web interface, strong, unique administrator credentials and not exposing that interface to the internet (the research found vulnerable routers indexed by search engines) only make that precondition harder to meet; on unsupported hardware there is no firmware fix, which is why replacement is the vendor’s recommendation. Previously, Positive Technologies helped address vulnerabilities in Zyxel routers and other Zyxel devices. Positive Technologies also enhanced its PT Industrial Security Incident Manager (PT ISIM) with an additional expertise pack, enabling cybersecurity teams to detect attempts to exploit vulnerabilities in MikroTik routers and Cisco switches.
Sophos Study: MDR Users Claim 97.5% Less in Cyber Insurance

Leading cybersecurity provider Sophos has released findings from a new study quantifying the financial impact of various cybersecurity controls on cyber insurance claims. The research compares the effect of endpoint solutions, EDR/XDR technologies, and MDR services on claim amounts, offering valuable insights for both insurers and organizations.
Sally Adam, Senior Director, Solution Marketing at Sophos, said, “Every year, organisations spend huge amounts of money on their cybersecurity. By quantifying the impact of controls on the outcome of cyberattacks, this study enables them to focus their investments on the most cost-effective options. At the same time, insurers have a major influence on cybersecurity spending through the controls they require of organisations wishing to be covered and the discounts they offer when a given scheme is in place. This study enables them to encourage investments that can make a real difference to incident outcomes and the resulting claim amounts.”
The Sophos study reveals a dramatic difference in cyber insurance claims: organizations using MDR services claim a median compensation of just $75,000, a staggering 97.5% less than the $3 million median claimed by organizations relying solely on endpoint solutions. This means that endpoint-only users typically claim 40 times more in the event of an attack. The study attributes this significant reduction to the rapid threat detection and blocking capabilities of MDR services, which can effectively prevent extensive damage.
The study also highlights a clear benefit to combining EDR or XDR with endpoint solutions, as the average insurance claim for users of these tools is just $500,000, which is one-sixth of the $3 million average claim for those using only endpoint solutions.
The Sophos study indicates that the predictability of cyber insurance claims varies significantly depending on the security controls in place. Claims from organizations utilizing MDR services show the highest predictability, suggesting consistent and reliable threat mitigation. This is likely due to the 24/7 expert monitoring, investigation, and response that allows for swift action against threats at any time. Conversely, claims from users of EDR/XDR tools are the least predictable, implying that their effectiveness in preventing major damage heavily depends on the user’s expertise and speed of response.
The Sophos study also reveals significant differences in recovery times from ransomware attacks. Endpoint solution users average a 40-day recovery, while EDR/XDR users take the longest at 55 days. In stark contrast, organizations using MDR services recover the fastest, with an average downtime of just three days. These findings underscore MDR’s effectiveness in minimizing the impact of cyberattacks and highlight the less predictable recovery experiences associated with EDR/XDR tools, whose success is dependent on user expertise.
Adam concludes, “The research confirms what many people instinctively know: the type of security solution used has a significant impact on cyber insurance claims. Cyberattacks are inevitable, but defences are not. These results are a useful tool for organisations wishing to optimise their cyber defence and their return on investment in cybersecurity. They will also be useful for insurers looking to reduce their exposure and offer suitable policies to their customers.”
Fortinet Strengthens OT Security for Critical Infrastructure

Fortinet has enhanced its OT Security Platform to better protect critical infrastructure from modern cyberthreats. Beyond basic OT visibility, the upgraded platform adds the new FortiGuard OT Security Service, an expanded range of hardened (ruggedized) products for network segmentation and 5G in demanding environments, and an improved OT SecOps portfolio for automated threat response and compliance management.
“Fortinet has been building an industry-leading OT Security Platform for 20-plus years and remains at the forefront of OT security innovation,” said Nirav Shah, Senior Vice President, Products and Solutions at Fortinet. “As cyberthreats against critical infrastructure and across industries such as energy, transportation, and manufacturing continue to grow, Fortinet remains committed to delivering comprehensive security solutions tailored for operational technology environments. These latest enhancements give organizations the tools they need to improve their OT security posture and adhere to regulatory requirements—all managed through a single, unified platform.”
The latest Fortinet OT Security Platform enhances OT security with:
- Advanced Threat Protection: New FortiGate Rugged NGFWs combined with the enhanced FortiGuard OT Security Service offer superior security enforcement, detecting threats using over 3,300 OT protocol rules, nearly 750 OT IPS rules, and 1,500 virtual patching rules. This protects against known exploited vulnerabilities and provides virtual patching for older OT systems. Secure remote access is also improved with updates to FortiSRA, including enhanced secrets and password management.
- Secure Segmentation: The new FortiSwitch Rugged 108F and FortiSwitch Rugged 112F-POE industrial-grade switches enable precise security control at the port level, preventing unauthorized lateral movement within OT networks. Built on Fortinet’s unified FortiOS, these switches simplify network and security management.
- Resilient Connectivity: Two new ruggedized 5G solutions are introduced: the IP67-rated FortiExtender Rugged 511G for secure, high-speed connectivity to remote OT sites, and the IP64-rated FortiExtender Vehicle 511G for fleet vehicles. Both feature embedded Wi-Fi 6 and new eSIM capabilities for easier carrier selection.
- Enhanced OT SecOps: Fortinet’s AI-driven security operations capabilities are strengthened with updates to FortiAnalyzer 7.6 and FortiDeceptor 6.1, offering deeper threat insights and simplified compliance reporting for OT security teams. FortiNDR Cloud now includes OT protocol support for threat hunting, while FortiNDR (on-premises) adds features like a Purdue Model view and a device inventory covering OT and the Mitre ATT&CK ICS Matrix.
The Fortinet OT Security Platform delivers a unified view and comprehensive security tools to simplify the management of OT and remote site security. It empowers organizations to easily assess, secure, and report on risks, including meeting complex regulatory compliance. Fortinet uniquely offers seamless segmentation and a complete ruggedized portfolio of OT security solutions all managed by a single operating system, FortiOS. Its deep integration within the Fortinet Security Fabric makes it a leading platform in the industry, providing an effective, efficient, and holistic approach to OT security and compliance that surpasses standard offerings.