Cyber Security
Supply Chain Vulnerabilities Are Becoming a Growing Concern
Radu Balanescu, the Associate Director for Cybersecurity at BCG, and Shoaib Yousuf, the Managing Director and Partner at BCG speak about cybersecurity for critical infrastructure, the threat landscape, trends in cyberattacks, and more
Why is cybersecurity highly relevant for critical infrastructure and its operators in the MEA region, and particularly now?
Critical National Infrastructure (CNI) operators in the MEA region face a dual responsibility: protecting shareholder interests while ensuring national security and stability. Their role extends beyond operational resilience to actively strengthening the country’s cyber defense through industry collaboration, intelligence sharing, R&D, and workforce development. Unlike conventional organizations, CNIs are prime targets for a broad spectrum of threat actors.
The consequences of cyberattacks go beyond economic and reputational damage, threatening national security by destabilizing critical sectors such as energy, financial markets, and healthcare. With rising geopolitical tensions amplifying both the frequency and sophistication of attacks, CNIs must take a leading stance in fortifying cybersecurity to mitigate disruptions that could have far-reaching implications.
Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
The interconnected nature of critical infrastructure means that a weakness in one part of the supply chain can expose the entire ecosystem to cyber threats. The cybersecurity landscape for CNIs in the MEA region is shaped by sector-specific challenges across industries such as energy, telecommunications, healthcare, financial services, and public services. While each sector has unique vulnerabilities, common challenges persist, including workforce shortages, skills gaps, increasing regulatory pressures, rapid digitization, and heightened supply chain risks.
The global shortfall of 2.8 million cybersecurity professionals has left CNIs struggling to attract and retain talent, with critical positions such as cybersecurity leadership, architecture, and cloud security often remaining unfilled. Addressing this requires sustained investment in workforce development and alternative strategies to bridge expertise gaps.
National cybersecurity authorities are intensifying regulatory pressure by implementing sector-specific frameworks to strengthen cyber resilience. While foundational policies such as the ECC in KSA and Qatar’s Cyber Security Framework of 2022 provide a compliance baseline, additional regulations focusing on OT security, third-party risk management, and cloud governance are expected.
CNIs that operate internationally must also comply with overlapping regional and global requirements, adding complexity to their cybersecurity obligations. Meanwhile, rapid digitization is further expanding the attack surface. Financial institutions are focusing on digital customer touchpoints, while energy companies are integrating IT and OT environments—introducing new threats into previously isolated systems. IT/OT convergence makes cybersecurity not just a technological issue but also a health and safety risk with potentially severe consequences.
Supply chain vulnerabilities are becoming a growing concern, as cybercriminals increasingly exploit third-party vendors and cloud services to enter CNI networks. The interconnected nature of critical infrastructure means that a weakness in one part of the supply chain can expose the entire ecosystem to cyber threats. As attacks become more sophisticated, prioritization of proactive cybersecurity strategies , must be front and center , balancing compliance, workforce development, and digital resilience to safeguard national security and operational stability must be at the core.
What are the most notable trends in cyber attacks targeting these systems?
Several key trends are shaping the cyber threat landscape for CNI, including the commoditization of cyber-attacks, the rise of AI-supported threats, and the growing sophistication of well-funded, highly organized threat groups. The commoditization of cyber-attacks has made malicious activity more accessible and cost-effective than ever. Cybercriminals have become highly structured, operating like corporations, with hacking-as-a-service becoming a viable and increasingly prevalent business model. This has lowered the barrier to entry, enabling a wider range of actors to execute complex attacks.
AI has emerged as a double-edged sword—while it enhances cybersecurity defenses, it also provides attackers with powerful tools for automation, scripting, and deception. AI-assisted attacks allow individuals with limited expertise to carry out cyber intrusions that would have previously required specialized skills. Deepfake phishing, in particular, has surged, leveraging AI to create highly convincing fraudulent content across written, voice, and video formats, increasing the risk of social engineering attacks.
In addition, highly resourced and strategically motivated cyber groups are targeting CNIs to disrupt services, spread disinformation, or steal intellectual property. These adversaries often operate with long-term objectives and access to advanced capabilities, making them some of the most formidable threats to critical infrastructure. With cyber threats evolving in scale and sophistication, CNIs must continuously adapt their security posture to counter these emerging risks effectively.
How important is employee training and awareness in preventing cyber-attacks on critical infrastructure?
Employee training and awareness are fundamental to strengthening cybersecurity defenses for CNI. BCG research on major data breaches indicates that more than two-thirds result from organizational, process, or human failures—not technology—underscoring that people are the true first line of defense against cyber threats. Both structured training and ongoing awareness initiatives are essential to building a resilient security culture within CNIs.
Training equips employees with the necessary skills to identify and respond to cyber threats effectively. Foundational cybersecurity training should be mandatory for all employees, covering basic concepts and common risks. Leadership teams require additional insights into targeted threats such as fraud and impersonation, ensuring they can make informed decisions in high-risk scenarios. For technical personnel, continuous upskilling is critical, as staying ahead of emerging attack vectors can mean the difference between mitigating and succumbing to a breach.
Beyond training, awareness programs play a vital role in reinforcing cybersecurity best practices and fostering vigilance. CNIs implement initiatives such as phishing simulations to sensitize employees to real-world threats and drive behavioral change. At the executive level, cyberattack simulations help leaders assess their crisis response capabilities, ensuring that cybersecurity accountability is embedded at the highest levels of the organization, including the boardroom. Given the evolving threat landscape, investing in both training and awareness is not optional—it is a strategic necessity for safeguarding critical infrastructure.
What role does proactive information sharing play in securing critical infrastructure systems?
Proactive information sharing is a critical enabler of cybersecurity resilience for CNIs, significantly enhancing their ability to detect, prevent, and respond to threats. The sheer scale of incidents that security teams handle—sometimes exceeding a million per week in large CNIs—makes identifying real threats akin to searching for a needle in a haystack. On average, it takes nearly 300 days globally to detect a breach, and even mature organizations still require about 30 days to do so—far too long for a malicious actor to operate undetected within a network. Information sharing transforms one organization’s detection into another’s prevention (as noted by James Scott, co-founder of the Institute for CNI Technology.)
Beyond improving detection, effective information-sharing frameworks drive business value by preventing costly cybersecurity incidents. They help CNIs mitigate financial losses from system downtime, customer attrition, and reputational damage. Furthermore, sharing intelligence strengthens the entire ecosystem, advancing cybersecurity maturity across industries. Critical information exchanged within these networks includes indicators of compromise, best practices for mitigation, and standardized frameworks for secure data-sharing protocols.
Regulators play an essential role in fostering collaboration among CNIs, expanding cyber threat intelligence, and strengthening collective resilience. Their initiatives support defensive capabilities, improve incident response, and encourage secure collaboration while safeguarding data privacy. As cyber threats grow in complexity, CNIs must embrace a cooperative approach—leveraging shared insights to bolster defenses and minimize risk exposure across the sector.
What role do MEA governments play in regulating and enforcing cybersecurity standards for critical infrastructure?
MEA governments are implementing comprehensive cybersecurity regulation and enforcement frameworks for critical infrastructure, responding decisively to an increasingly complex threat landscape. Through empowered national cybersecurity authorities with cross-sector mandates, they are establishing rigorous governance structures that address the interconnected nature of modern cyber risks.
This strategic approach is evidenced by Qatar’s detailed National Cyber Security Strategy 2024-2030 and the UAE’s decisive 2023 Critical Information Infrastructure Protection Policy, which integrates critical infrastructure protection with national security imperatives while ensuring the continuity of essential services vital to economic stability. The MEA region has developed a sophisticated model of regional cybersecurity collaboration, establishing robust mechanisms for threat intelligence sharing and coordinated defense capabilities. Saudi Arabia demonstrates this through its stringent mandatory compliance framework for CNIs, implementing Essential Cybersecurity Controls (ECC) alongside sector-specific regulations that address emerging technical and operational risks.
This systematic approach extends to building critical security capabilities, as shown by initiatives like Saudi Arabia’s Women Empowerment in Cyberspace (WEC) program, which strengthens the region’s cybersecurity talent base while addressing crucial skill gaps in critical infrastructure protection. These coordinated efforts reflect the MEA governments’ clear understanding that effective critical infrastructure protection requires both strong national frameworks and deep regional cooperation to address evolving cyber threats.
Vladimir Razov, an expert from the PT SWARM team, has discovered a vulnerability in several models of D-Link routers. According to Mordor Intelligence, D-Link is one of the top three Wi-Fi router manufacturers in the world. The vendor has been notified of the threat in line with the responsible disclosure policy and recommends that users switch to more recent devices.
The vulnerability, which is registered as BDU:2024-06211 with a CVSS 3.0 score of 8.4, affects the following D-Link models: DIR-878, DIR-882, DIR-2640-US, DIR-1960-US, DIR-2660-US, DIR-3040-US, DIR-3060-US, DIR-867-US, DIR-882-US, DIR-882/RE, DIR-882-CA, and DIR-882-US/RE. At the time of the research, vulnerable routers could be discovered using search engines in the United States, Canada, Sweden, China, Indonesia, and Taiwan.
According to the manufacturer, these models are no longer supported. D-Link recommends retiring the outdated devices and replacing them with supported devices that receive firmware updates. “If this vulnerability is successfully exploited, a malicious user authorized in the router’s web interface can compromise the entire device and gain access to all traffic passing through it,” says Vladimir Razov, Web Application Security Analyst at PT SWARM, the offensive security department at Positive Technologies.
As a temporary measure to mitigate the threat, Vladimir Razov recommends using OpenWrt (an open-source embedded operating system based on the Linux kernel and designed specifically for routers) or changing the login credentials for accessing the router’s web interface. Previously, Positive Technologies helped address vulnerabilities in Zyxel routers and other Zyxel devices. Positive Technologies also enhanced its PT Industrial Security Incident Manager (PT ISIM) with an additional expertise pack, enabling cybersecurity teams to detect attempts to exploit vulnerabilities in MikroTik routers and Cisco switches.
Leading cybersecurity provider Sophos has released findings from a new study quantifying the financial impact of various cybersecurity controls on cyber insurance claims. The research compares the effect of endpoint solutions, EDR/XDR technologies, and MDR services on claim amounts, offering valuable insights for both insurers and organizations.
Sally Adam, Senior Director, Solution Marketing at Sophos, said, “Every year, organisations spend huge amounts of money on their cybersecurity. By quantifying the impact of controls on the outcome of cyberattacks, this study enables them to focus their investments on the most cost-effective options. At the same time, insurers have a major influence on cybersecurity spending through the controls they require of organisations wishing to be covered and the discounts they offer when a given scheme is in place. This study enables them to encourage investments that can make a real difference to incident outcomes and the resulting claim amounts.”
The Sophos study reveals a dramatic difference in cyber insurance claims: organizations using MDR services claim a median compensation of just $75,000, a staggering 97.5% less than the $3 million median claimed by organizations relying solely on endpoint solutions. This means that endpoint-only users typically claim 40 times more in the event of an attack. The study attributes this significant reduction to the rapid threat detection and blocking capabilities of MDR services, which can effectively prevent extensive damage.
The study also highlights a clear benefit to combining EDR or XDR with endpoint solutions, as the average insurance claim for users of these tools is just $500,000, which is one-sixth of the $3 million average claim for those using only endpoint solutions.
The Sophos study indicates that the predictability of cyber insurance claims varies significantly depending on the security controls in place. Claims from organizations utilizing MDR services show the highest predictability, suggesting consistent and reliable threat mitigation. This is likely due to the 24/7 expert monitoring, investigation, and response that allows for swift action against threats at any time. Conversely, claims from users of EDR/XDR tools are the least predictable, implying that their effectiveness in preventing major damage heavily depends on the user’s expertise and speed of response.
The Sophos study also reveals significant differences in recovery times from ransomware attacks. Endpoint solution users average a 40-day recovery, while EDR/XDR users take the longest at 55 days. In stark contrast, organizations using MDR services recover the fastest, with an average downtime of just three days. These findings underscore MDR’s effectiveness in minimizing the impact of cyberattacks and highlight the less predictable recovery experiences associated with EDR/XDR tools, whose success is dependent on user expertise.
Adam concludes, “The research confirms what many people instinctively know: the type of security solution used has a significant impact on cyber insurance claims. Cyberattacks are inevitable, but defences are not. These results are a useful tool for organisations wishing to optimise their cyber defence and their return on investment in cybersecurity. They will also be useful for insurers looking to reduce their exposure and offer suitable policies to their customers.”
Fortinet has enhanced its OT Security Platform to better protect critical infrastructure from modern cyberthreats. The upgraded platform offers more than basic OT visibility with the new FortiGuard OT Security Service, expanded hardened solutions for network segmentation and 5G in demanding environments, and an improved OT SecOps portfolio for automated threat response and compliance management.
“Fortinet has been building an industry-leading OT Security Platform for 20-plus years and remains at the forefront of OT security innovation,” said Nirav Shah, Senior Vice President, Products and Solutions at Fortinet. “As cyberthreats against critical infrastructure and across industries such as energy, transportation, and manufacturing continue to grow, Fortinet remains committed to delivering comprehensive security solutions tailored for operational technology environments. These latest enhancements give organizations the tools they need to improve their OT security posture and adhere to regulatory requirements—all managed through a single, unified platform.”
The latest Fortinet OT Security Platform enhances OT security with:
- Advanced Threat Protection: New FortiGate Rugged NGFWs combined with the enhanced FortiGuard OT Security Service offer superior security enforcement, detecting threats using over 3,300 OT protocol rules, nearly 750 OT IPS rules, and 1,500 virtual patching rules. This protects against known exploited vulnerabilities and provides virtual patching for older OT systems. Secure remote access is also improved with updates to FortiSRA, including enhanced secrets and password management.
- Secure Segmentation: The new FortiSwitch Rugged 108F and FortiSwitch Rugged 112F-POE industrial-grade switches enable precise security control at the port level, preventing unauthorized lateral movement within OT networks. Built on Fortinet’s unified FortiOS, these switches simplify network and security management.
- Resilient Connectivity: Two new ruggedized 5G solutions are introduced: the IP67-rated FortiExtender Rugged 511G for secure, high-speed connectivity to remote OT sites, and the IP64-rated FortiExtender Vehicle 511G for fleet vehicles. Both feature embedded Wi-Fi 6 and new eSIM capabilities for easier carrier selection.
- Enhanced OT SecOps: Fortinet’s AI-driven security operations capabilities are strengthened with updates to FortiAnalyzer 7.6 and FortiDeceptor 6.1, offering deeper threat insights and simplified compliance reporting for OT security teams. FortiNDR Cloud now includes OT protocol support for threat hunting, while FortiNDR (on-premises) adds features like a Purdue Model view and a device inventory covering OT and the Mitre ATT&CK ICS Matrix.
The Fortinet OT Security Platform delivers a unified view and comprehensive security tools to simplify the management of OT and remote site security. It empowers organizations to easily assess, secure, and report on risks, including meeting complex regulatory compliance. Fortinet uniquely offers seamless segmentation and a complete ruggedized portfolio of OT security solutions all managed by a single operating system, FortiOS. Its deep integration within the Fortinet Security Fabric makes it a leading platform in the industry, providing an effective, efficient, and holistic approach to OT security and compliance that surpasses standard offerings.
Positive Technologies Discovery Leads D-Link to Recommend Router Replacements
Sophos Study: MDR Users Claim 97.5% Less in Cyber Insurance
Fortinet Strengthens OT Security for Critical Infrastructure
ManageEngine’s Open API Platform Enables Unified, Customisable Security Analytics
AI-Driven Deception: A New Face of Corporate Fraud
UAE Cyber Security Council and CPX Unveil Cybersecurity Report 2025
Proactive Threat Intelligence is Essential in Securing Critical Infrastructure
“We Can All Do Better By Treating Women in Tech as Equals”
Supply Chain Vulnerabilities Are Becoming a Growing Concern
“Having Mentors Who Believe in You Can Make All the Difference”
UAE Workforce in 2025: Cybercrime, Stress, and Burnout Take the Spotlight
Video: Toshiba Presents Latest Hard Drives and QNAP NAS System Live Demo at INTERSEC 2025
Video: Toshiba Showcases its Latest Hard Disk Drives Through Live Demos at Intersec 2025
Video: Interview with Meriam ElOuazzani of SentinelOne
Video: Interview with Fred Crehan of Confluent at GITEX Global 2024
-
Artificial Intelligence1 week ago89% of Companies Update AI Data Strategies, But Gaps Remain
-
News1 week agoMatrix Announces IoTSCS-ER Compliant Network Cameras Certified by STQC
-
Cyber Security1 week agoHalcyon Launches 24/7 Ransomware Detection and Recovery (RDR) Solution
-
Artificial Intelligence1 week agoKaspersky Detects Sophisticated Scam Using DeepSeek AI
-
Artificial Intelligence6 days agoUiPath Acquires Peak to Drive Next-Gen AI Decision Intelligence
-
Cyber Security1 week agoForcepoint to Acquire Getvisibility
-
Cyber Security1 week agoNew Research from Palo Alto Networks and Siemens on OT Security Risks
-
Cyber Security6 days agoGroup-IB Outs High-Tech Crime Trends Report 2025 for META