Cyber Security

Cybersecurity has Gained Significant Traction in the Region

Fernando Cea, the VP of Technology for New Markets at Globant, says 45% of business leaders prioritise cyber risk management in the region, surpassing the global average of 43%

Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
The cybersecurity landscape for critical infrastructure in the Middle East and Africa (MEA) is evolving rapidly as the region undergoes extensive digital transformation. With increased connectivity across industries, the attack surface has expanded, making critical infrastructure a prime target for cyber threats.

Sophisticated attacks on sectors such as energy, finance, healthcare, and telecommunications have the potential to disrupt essential services, impact national security, and cause economic instability. The growing reliance on cloud computing, IoT, and AI-driven operations introduces new vulnerabilities that threat actors seek to exploit.

Encouragingly, cybersecurity has gained significant traction in the region, with 45% of business leaders prioritising cyber risk management—surpassing the global average of 43%. This increased awareness is driving investment in security frameworks, regulatory compliance, and incident response strategies to mitigate emerging threats.

What are the most notable trends in cyber attacks targeting these systems?
Several key attack trends are shaping the cybersecurity landscape in the MEA region.

  1. Cloud-based attacks: As organisations migrate critical workloads to the cloud, attackers are targeting misconfigurations, weak authentication, and API vulnerabilities to gain unauthorised access.
  2. IoT and connected device exploitation: The proliferation of smart infrastructure has led to increased attacks on industrial control systems (ICS) and operational technology (OT), posing risks to energy grids, transportation networks, and healthcare systems.
  3. Ransomware remains a significant threat, with attackers targeting high-value sectors to encrypt data and demand payment for its release. Double extortion tactics—stealing and threatening to leak sensitive information—are on the rise.
  4. Business Email Compromise (BEC) and supply chain attacks: Organisations are increasingly targeted through phishing and social engineering campaigns that exploit trusted relationships within the supply chain.
  5. Hack-and-leak operations: Geopolitically motivated cyber actors are using data leaks as a tactic to undermine governments, corporations, and public trust.

Which sectors in the MEA region are most vulnerable to cyber attacks, and why?
Several sectors in MEA face heightened cyber risks due to their critical role in national stability and economic growth. In the financial services sector, the rise of digital banking and fintech solutions has increased the attack surface for cybercriminals targeting financial transactions and customer data.

The energy and utilities industry is also at risk. Legacy infrastructure, combined with geopolitical risks, makes power grids and oil and gas facilities attractive targets for state-sponsored and financially motivated cyber threats. In healthcare, many institutions operate with outdated systems and limited cybersecurity budgets, making them vulnerable to ransomware attacks and data breaches. The expansion of 5G networks has introduced new security challenges, with potential vulnerabilities in network slicing, IoT devices, and cloud-based telecom infrastructure.

One of the most critical areas is the government and public sector. These entities manage vast amounts of sensitive citizen data, yet resource constraints often hinder the implementation of robust cybersecurity measures. Lastly, in retail and e-commerce, the surge in digital transactions has made retailers prime targets for payment fraud, credential stuffing, and data theft. Addressing these vulnerabilities requires a combination of regulatory enforcement, industry collaboration, and advanced security solutions tailored to sector-specific risks.

What are the primary motivations behind cyber attacks on critical infrastructure in the MEA region?
When we look at the motivations behind cyber attacks on critical infrastructure in the Middle East and Africa, there are a few key factors at play. Geopolitical tensions are a major driver; hostile nations often target infrastructure to disrupt economies or undermine stability. There’s also the financial motivation, where cybercriminals aim to steal money or sensitive data for profit, especially in sectors like finance and energy.

Sabotage is another factor—some attackers seek to cause chaos or damage to critical services, which can lead to significant consequences for governments and populations. Additionally, hacktivism plays a role, as some groups target infrastructure to promote political agendas or social causes.

How important is employee training and awareness in preventing cyber attacks on critical infrastructure?
In a landscape where cyber threats are constantly evolving, investing in employee awareness is one of the smartest moves any organisation can make to bolster its defenses. At the end of the day, technology can only do so much; people are often the first line of defense. When employees are trained to recognise threats like phishing emails or suspicious activity, they can act as a vital safeguard against potential breaches.

Regular training not only keeps security top of mind but also fosters a culture of vigilance within the organisation. It empowers employees to take ownership of their role in cybersecurity, which is essential for protecting sensitive systems and data.

What role does proactive threat intelligence play in securing critical infrastructure systems?
Proactive threat intelligence is crucial for securing critical infrastructure systems. Organisations can identify patterns through threat data monitoring. For example, an increase in phishing attempts aimed at energy companies could indicate a potential attack. This allows organisations to strengthen their defenses proactively.

Additionally, if intelligence indicates potential vulnerabilities in a specific software used in healthcare systems, teams can prioritise updates or patches to prevent exploitation. This approach shifts from merely reacting to incidents to anticipating threats and acting strategically. Ultimately, leveraging threat intelligence helps safeguard vital systems and ensures organisations are prepared to tackle the ever-evolving landscape of cyber threats.
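The answer above gives "an increase in phishing attempts aimed at energy companies" as the kind of pattern threat data monitoring should surface. The following is an added example, not part of the interview and not Globant code, of the simplest form that check can take: compare each sector's recent phishing-report volume against its own historical baseline and flag sectors whose recent mean sits several standard deviations above it. The daily counts, the window size and the threshold are all constructed for illustration.

```python
"""Flag sectors whose recent phishing-report volume rises well above their own baseline.

Added illustration of trend detection over threat data; the counts below are constructed,
not real telemetry, and the window/threshold values are assumptions to tune per environment.
"""
from statistics import mean, pstdev

# Constructed daily counts of phishing reports per sector, oldest first (14 days).
SAMPLE_COUNTS = {
    "energy":     [4, 5, 3, 6, 4, 5, 4, 6, 5, 4, 12, 15, 18, 21],
    "healthcare": [7, 8, 6, 9, 7, 8, 7, 8, 6, 9, 8, 7, 9, 8],
    "finance":    [10, 12, 11, 9, 13, 10, 12, 11, 10, 12, 11, 13, 12, 10],
}


def spike_score(counts, window=4):
    """Return how many baseline standard deviations the recent window's mean lies above the baseline mean.

    The baseline is everything before the last `window` days, so a sustained rise
    over several days scores higher than a single noisy day.
    """
    if len(counts) <= window:
        raise ValueError("need more history than the comparison window")
    baseline = counts[:-window]
    recent = counts[-window:]
    mu = mean(baseline)
    sigma = pstdev(baseline)
    recent_mean = mean(recent)
    if sigma == 0:
        # Flat baseline: any rise is a departure, no rise is not.
        return float("inf") if recent_mean > mu else 0.0
    return (recent_mean - mu) / sigma


def score_sectors(series, window=4):
    """Map each sector to its spike score (assumed input shape: {sector: [daily counts]})."""
    return {sector: spike_score(counts, window) for sector, counts in series.items()}


def flag_rising_sectors(series, window=4, threshold=3.0):
    """Sectors whose recent phishing volume exceeds their baseline by `threshold` sigmas."""
    return sorted(s for s, score in score_sectors(series, window).items() if score >= threshold)


if __name__ == "__main__":
    for sector, score in score_sectors(SAMPLE_COUNTS).items():
        print(f"{sector:<12} spike score {score:5.2f}")
    print("flagged:", flag_rising_sectors(SAMPLE_COUNTS))
```

With the constructed data only "energy" is flagged: its last four days average 16.5 against a baseline mean of 4.6, while healthcare and finance stay within normal variation. A real deployment would feed this from the ticketing or mail-gateway system and use a longer baseline so that weekly seasonality does not trip the threshold.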

Are there any technologies being deployed to safeguard critical infrastructure in the region?
Yes, several technologies are being deployed to safeguard critical infrastructure in the region. AI and machine learning are increasingly used to analyse vast amounts of data for detecting anomalies and potential threats in real time. For instance, these technologies can identify unusual patterns in network traffic that may indicate a cyber attack. Additionally, zero-trust architecture is gaining traction, emphasising that no one—inside or outside the network—should be trusted by default.

By regularly verifying user identities and securing devices, organisations can lower their risk of breaches. This is especially important given that 36% of organisations globally reported costs of $1 million or more from their worst breach in the last three years, up from 27% the previous year. In the Middle East, that number is 29%, showing the urgent need for better security measures.

What are the biggest challenges companies face in securing critical infrastructure in the MEA region?
Securing critical infrastructure in the MEA region is challenging for several reasons. Many essential services were not designed with security in mind, leaving them vulnerable today. For example, the Internet has inherent weaknesses, such as DNS and BGP protocol issues, that are difficult to address.

Additionally, these services often rely on non-essential systems, complicating protection efforts. International cooperation is also essential but hard to achieve without strong global incentives. Organisations frequently lack a clear understanding of their risks, hindering the development of consistent security measures. Outdated technologies further increase vulnerabilities due to a lack of updates, while limited cybersecurity budgets make it tough to implement robust defenses.

How can companies ensure business continuity while recovering from a cyber attack on their critical systems?
Companies must have a robust incident response plan in place. This plan should include clearly defined roles and responsibilities, allowing teams to act quickly and efficiently. Regularly backing up data helps organisations restore critical systems quickly, minimising downtime. Companies should also prioritise communication both internally and externally to keep stakeholders informed and maintain trust. Investing in training and awareness programs helps employees recognise potential threats, further strengthening the organisation’s defenses.

Lastly, conducting post-incident reviews to identify weaknesses and improve strategies is vital for resilience. By adopting these measures, companies can effectively navigate the recovery process and minimise disruption to their operations.

Cloud

SentinelOne Simplifies Secure Cloud Migrations on AWS

SentinelOne today announced its participation in the Amazon Web Services (AWS) Independent Software Vendor (ISV) Workload Migration Program. This initiative supports AWS Partner Network (APN) members with SaaS offerings on AWS to accelerate and streamline workload migrations.

Through the program, SentinelOne will provide AWS customers with accelerated, secure cloud migration support, leveraging modern AI-powered CNAPP capabilities to ensure rapid and protected transitions. With access to AWS funding, technical resources, and go-to-market support, SentinelOne will help organizations reduce migration timelines and costs while maintaining robust security.

SentinelOne’s Singularity Cloud Security delivers real-time visibility and protection throughout the migration journey—whether from on-premises or another cloud—enabling a secure, seamless transition to AWS.

“Through our participation in the AWS ISV Workload Migration Program, SentinelOne is helping customers accelerate secure cloud migrations with end-to-end protection and visibility,” said Ric Smith, President of Product, Technology, and Operations at SentinelOne. “Whether moving from on-prem or another cloud to AWS, organizations can count on us to deliver the security they need throughout their journey—realizing the performance, speed, agility, and cost benefits of the cloud.”

Singularity Cloud Security combines agentless and agent-based protection for deep visibility, continuous posture management, and real-time threat detection across hybrid and multi-cloud environments. By collaborating with AWS and ecosystem partners, SentinelOne ensures seamless integration into migration projects, helping customers move faster, reduce risk, and scale confidently in the cloud.

Availability: SentinelOne’s solutions are available globally.

Cyber Security

Beyond Blocklists: How Behavioural Intent Analysis Can Safeguard Middle East Businesses from Rising AI-Driven Bot Threats

The Middle East is facing an unprecedented surge in AI-driven bot attacks, with malicious automation now outpacing traditional defenses. Mohammad Ismail, Vice President for EMEA at Cequence Security, warns that legacy tools like IP blocklists and rate limiting are no match for today’s sophisticated threats.

Cyber Security

Sophos Boosts Firewall with New Protection and Incident Response Features

Sophos has announced a significant update to its Sophos Firewall software, introducing enhanced protection and incident response capabilities. This update notably includes Sophos NDR Essential, a new feature now available free of charge to all customers holding an XStream Protection license for Sophos Firewall.

This integration equips Sophos Firewall with two dedicated artificial intelligence (AI) engines designed to detect malware communications, including those that use algorithmically generated domain names. This functionality, derived from the Sophos Network Detection and Response (NDR) probe, aims to identify sophisticated malware communications even when they are previously unknown or not yet indexed. It complements the Active Threat Response capabilities already embedded within Sophos firewalls.
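The engines described above are AI models whose internals the announcement does not describe. As an added example, not Sophos code and not a description of how Sophos NDR works, the block below shows the kind of signal a defender can inspect by hand for the same problem: screening DNS query logs for domain labels that look algorithmically generated (high character entropy, few vowels, long consonant runs). The log format, the parsing regex and the thresholds are all constructed assumptions; a real engine would learn these boundaries from traffic rather than hard-code them.

```python
"""Heuristic screen for algorithmically generated domain names in DNS query logs.

Added example, not Sophos code. Uses inspectable string features (entropy, vowel ratio,
longest consonant run) as a stand-in for the learned models the page describes.
The log lines and thresholds below are constructed.
"""
import math
import re
from collections import Counter

# Constructed log format: "<timestamp> <client-ip> query <qtype> <qname>".
LINE_RE = re.compile(r"^(\S+) (\S+) query (\S+) (\S+)$")

SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.15 query A www.example.com
2024-05-01T10:00:02Z 10.0.0.15 query A mail.internal.example.com
2024-05-01T10:00:05Z 10.0.0.23 query A xq7vbn2kd9plw.net
2024-05-01T10:00:06Z 10.0.0.23 query A zk4tprmwv8bhq.com
2024-05-01T10:00:07Z 10.0.0.23 query A dlgjrwkxzpt.org
2024-05-01T10:00:09Z 10.0.0.31 query A cdn.cloudprovider.example
"""

CONSONANT_RUN_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]+")


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score near log2(len(set(s)))."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def domain_features(fqdn):
    """Features of the registrable label (naively: the second-to-last label)."""
    labels = fqdn.lower().rstrip(".").split(".")
    core = labels[-2] if len(labels) >= 2 else labels[0]
    vowels = sum(ch in "aeiou" for ch in core)
    runs = [len(m) for m in CONSONANT_RUN_RE.findall(core)]
    return {
        "core": core,
        "length": len(core),
        "entropy": shannon_entropy(core) if core else 0.0,
        "vowel_ratio": vowels / len(core) if core else 0.0,
        "consonant_run": max(runs, default=0),
    }


def looks_generated(fqdn, min_length=10, min_entropy=3.2, max_vowel_ratio=0.25, max_run=6):
    """Constructed decision rule; thresholds are assumptions to tune against your own baseline."""
    f = domain_features(fqdn)
    random_looking = (
        f["length"] >= min_length
        and f["entropy"] >= min_entropy
        and f["vowel_ratio"] <= max_vowel_ratio
    )
    return random_looking or f["consonant_run"] >= max_run


def scan_dns_log(text):
    """Return (client, qname) pairs whose queried name looks generated; malformed lines are skipped."""
    suspects = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, client, _qtype, qname = m.groups()
        if looks_generated(qname):
            suspects.append((client, qname))
    return suspects


if __name__ == "__main__":
    for client, qname in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} -> {qname}  {domain_features(qname)}")
```

Run against the constructed log, the three random-looking labels from 10.0.0.23 are returned and the ordinary names are not. A heuristic like this is a triage aid, not a verdict: legitimate CDN and tracking hostnames can score high, so alerts should be grouped per client and correlated with other signals before anyone acts on them.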

Addressing the technical demands of such advanced detection, Chris McCormack, Senior Product Marketing Manager at Sophos, explained the strategic approach, “NDR traffic analysis requires substantial processing power. That’s why we’ve adopted a new approach by deploying an NDR solution in Sophos Cloud to offload the heaviest tasks from the firewall.” This cloud-centric design ensures optimal performance without burdening the firewall’s on-device resources.

Beyond network detection, the update also brings significant improvements to connectivity and user authentication. Sophos Connect now integrates EntraID for Single Sign-On (SSO). This new feature for the VPN client, bundled with Sophos Firewall, is set to enhance both the security and user experience for SSL and IPsec VPN connections. The integration with EntraID (Azure AD) enables users to authenticate and leverage multi-factor authentication for both Sophos Connect and access to the user portal hosted by the firewall, streamlining secure access.

Further VPN-related enhancements include:

  • Improved user interface and usability: Connection types have been renamed for greater clarity, with “site-to-site” now referred to as “policy-based” and tunnel interfaces as “route-based,” making configurations more intuitive.
  • Dynamic validation of the IP address pool: For VPN connections (SSL VPN, IPsec, L2TP, and PPTP), the system now dynamically validates the allocated IP address pool, helping to better resolve potential IP address conflicts.
  • Strict profile enforcement: IPsec profiles now exclude default values to ensure algorithm synchronization, effectively eliminating potential fragmentation of session negotiation packets that could otherwise prevent site-to-site VPN tunnels from being established.
  • Route-based VPN and SD-RED scalability: The system has been optimized to support up to 3,000 simultaneously established tunnels. Specifically, Sophos Firewall solutions can now manage up to 1,000 SD-RED site-to-site tunnels and connect up to 650 concurrent SD-RED devices.

Additional management improvements enhance administrative flexibility and search capabilities:

  • More flexible DHCP Prefix Delegation (IPv6 DHCP-PD): The system now supports a broader range of prefixes, from /48 to /64, improving compatibility with various internet service providers.
  • Router Advertisement (RA) and DHCPv6 server: These features are now enabled by default, simplifying IPv6 network setup.
  • Resizable table columns: The web admin interface continues its adaptation for ultra-wide screens, with many configuration pages now allowing users to resize columns as needed for improved usability.
  • Enhanced object search functionality: The search field within the SD-WAN routing configuration screen now supports more granular criteria, including route name, ID, objects, and object values like IP addresses and domains. Similarly, local ACL rules now also support object name and value searches, extending to content-based searches for more precise results.
  • Default configuration changes: To streamline initial setups, default firewall rules and rule groups previously created during new firewall deployments have been removed. The initial configuration now only includes the default network rule and MTA rules. Furthermore, the default firewall rule group and the default gateway probe for custom gateways are now set to “None” by default.

Sophos continues its commitment to cybersecurity through a “Secure by Design” approach, enhancing the intrinsic security of its firewalls. This methodology involves the containerization of specific features and rigorous integrity checks on critical operating system files using mathematical checksums. Any detected checksum mismatch triggers a potential compromise alert, enabling monitoring teams to proactively identify possible security incidents affecting the firewall OS integrity. This proactive detection allows incident response and development teams to react swiftly to critical security events.
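The integrity check described above, a stored checksum per critical file and an alert when the recomputed value differs, is a general pattern. As an added example, not Sophos code and not a description of the firewall's implementation, the block below builds a SHA-256 baseline for a set of files and reports any file that is missing or modified at verification time. The file tree is constructed in a temporary directory so the block runs offline; the path names and contents are placeholders.

```python
"""Checksum-based integrity baseline and verification for critical files.

Added example illustrating the 'checksum mismatch raises a compromise alert' pattern;
this is not Sophos code. The watched files are constructed in a temporary directory.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, relative_paths):
    """Map each watched relative path to its digest; this is the trusted reference state."""
    root = Path(root)
    return {rel: sha256_file(root / rel) for rel in relative_paths}


def verify_baseline(root, baseline):
    """Recompute digests and return one alert dict per missing or modified file (empty list if clean)."""
    root = Path(root)
    alerts = []
    for rel, expected in baseline.items():
        path = root / rel
        if not path.is_file():
            alerts.append({"file": rel, "status": "missing"})
            continue
        actual = sha256_file(path)
        if actual != expected:
            alerts.append({"file": rel, "status": "modified", "expected": expected, "actual": actual})
    return alerts


def demo():
    """Build a baseline over constructed files, then tamper with them and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "fwd").write_bytes(b"firewall daemon build 1\n")   # constructed binary
        (root / "etc").mkdir()
        (root / "etc" / "policy.conf").write_text("default deny\n")        # constructed config
        watched = ["bin/fwd", "etc/policy.conf"]

        baseline = build_baseline(root, watched)
        clean = verify_baseline(root, baseline)

        # Simulate tampering: one file altered in place, one removed.
        (root / "bin" / "fwd").write_bytes(b"firewall daemon build 1 + extra code\n")
        (root / "etc" / "policy.conf").unlink()
        tampered = verify_baseline(root, baseline)
        return baseline, clean, tampered


if __name__ == "__main__":
    baseline, clean, tampered = demo()
    print("baseline:", baseline)
    print("clean run alerts:", clean)
    for alert in tampered:
        print("ALERT", alert)
```

The baseline itself must live somewhere the process being checked cannot rewrite (a signed manifest, read-only media, or a remote store), otherwise an attacker who modifies a file can simply update its recorded digest; that separation is what makes a mismatch meaningful as a compromise signal.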

This update is now available for manual download and deployment by customers with any Sophos Firewall equipped with a valid license.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.