cyber
TRENDS within a company. Due to their frustration, they might not be willing to work efficiently or feel motivated.
Because of this, around 75 % of threats are due to human errors. Some employees might overlook a threat or a risk; they simply click on a malicious link without performing further investigation or reporting it to senior management. They might just click on any link or download any malicious attachment, and then the entire security infrastructure gets infected by malware or a hacking attempt. So, yes, 75 % of threats happen due to human errors.
Raed Ahsan, ethical hacker, Saudi Arabia
How would you characterise the current cybersecurity landscape in the region?
The Middle East is evolving rapidly in terms of digital infrastructure and cybersecurity awareness. Governments and enterprises are also investing heavily in digital transformation, especially in artificial intelligence nowadays. But this growth has also made the region a prime target for sophisticated cyberattacks, and we are seeing increased awareness from CISOs and tech leaders. engineering a malware strain or IoT devices and the next I’ m conducting a full-scale Red Team assessment on an ICS( Industrial Control Systems) or SCADA environment.
One of my most memorable engagements was performing a live Android hacking demonstration at a major conference in Dubai, the Security Conclave. It was high-stakes and very public, but seeing the impact of ethical hacking in real time was incredibly powerful. Another recent project involved penetration testing on an operational technology network connected to a chemical plant’ s firewalls and HMI systems. That pushed me to deeply understand the nuances of ICS security.
These engagements constantly remind me that ethical hacking isn’ t just about tools; it’ s about understanding the context, the business risk and the human element behind every system.
Is the human element the biggest commonality of threat you’ re seeing?
We’ ve all come to understand in cybersecurity that there can be discontent or demotivated employees
There’ s a critical need for region-specific threat intelligence, tailored incident response planning, and more practical training to bridge the gap between compliance and real-world security. The momentum is definitely positive. Initiatives like the Vision 2030 in Saudi Arabia are driving major advancements in cybersecurity and technology and events like Black Hat, as I mentioned before, are helping to build a robust cybersecurity ecosystem in the entire region of Saudi Arabia.
From a geopolitical standpoint, where do the primary cyberthreats to organisations originate?
The Middle East sits at a crossroads, both geographically and politically, which makes it a hotspot for a range of threat actors. We are seeing significant state-sponsored activity, especially targeting critical infrastructure like oil and gas facilities, government entities, water treatment plants, etc. These actors are well-funded and often use Advanced Persistent Threats( APTs) that operate quietly over a long period of time. They sit inside your system, inside your critical infrastructure, just waiting and watching what all the government entities or what the people are doing in that facility, and they are waiting for their turn. So they keep themselves inside your systems for a long period of time.
The Middle East sits at a crossroads, both geographically and politically, which makes it a hotspot for a range of threat actors.
WWW. INTELLIGENTCISO. COM 53