“Resilience now depends on identity-centric security, not location-based security” – Mortada Ayad, Delinea

CNME Editor Mark Forker spoke to Mortada Ayad, VP of Sales – META at Delinea, to find out what measures enterprises should take to combat cybercriminals trying to capitalise on the uncertainty that currently exists due to the ongoing conflict across the Middle East, and what role AI can play in ensuring those threats are thwarted and business continuity is maintained across the region.

Mortada Ayad, VP of Sales – META at Delinea, has urged CISOs not to panic, stressing that core defensive principles remain highly effective.

Q1. There are multiple reports emerging from across the Middle East that scammers have set up fake airline support accounts to exploit vulnerable tourists stranded in destinations across the Gulf – and there have also been reports of cybercriminals attempting to gain access to bank accounts. What are the best practices and measures that businesses need to put into place to protect their users now working remotely again, and what are some of the lessons that we learned from 2020 that business leaders need to adopt and apply to the current situation across the region?

Periods of disruption create ideal conditions for cybercriminals because people are more likely to act quickly and verify less. When travellers are trying to rebook flights or access banking services urgently, attackers know that a message appearing to come from a trusted airline or financial institution is far more likely to be believed. This is why social engineering remains one of the most effective entry points for cyberattacks.

Another key lesson from 2020 is that the traditional network perimeter has largely disappeared. With remote and hybrid work now firmly established, employees access systems from multiple locations, devices, and networks. In many ways, that shift is permanent, making identity the new perimeter.

The encouraging part is that the most effective protections are well understood and can be implemented quickly. Organisations should prioritise strong identity controls such as multi-factor authentication and least-privilege access, so employees only reach the systems they genuinely need.

Just-in-time privileged access is also critical. During periods of disruption, organisations sometimes grant broader permissions simply to keep operations moving. Attackers are well aware of this tendency and actively exploit it.

Finally, awareness around brand impersonation is essential. Whether it’s fake airline support accounts or fraudulent banking alerts, employees and customers should always verify official communication channels before sharing information or credentials.

The biggest lesson from 2020 is simple: resilience now depends on identity-centric security, not location-based security.

Q2. With a wave of cyberattacks across the Middle East region now highly likely, what method of attack do you envisage cybercriminals deploying? Will it be AI-powered phishing emails for a ransomware attack, brand impersonation, or identity theft, perhaps a mix of all of them, or will it be something radically different?

What we’re likely to see are multi-stage attacks that combine several methods, all centred around compromising identities. For the reasons I previously mentioned, the first step is almost always social engineering.

That might take the form of AI-assisted phishing emails, fake support accounts, or fraudulent login portals. The goal is straightforward: convince someone to hand over credentials or access tokens. Once attackers obtain a legitimate identity, the focus shifts to privilege escalation. They begin exploring what systems that account can access and attempt to expand those privileges further.

From there, the attack often moves into brand impersonation campaigns targeting sectors with high consumer trust such as airlines, banks, or government services. These campaigns can harvest large volumes of credentials very quickly. The final stage may involve ransomware, data theft, or lateral movement across corporate systems.

What makes these attacks particularly challenging is that they often look like legitimate activity. If an attacker is using valid credentials, their actions can resemble those of a real employee. That’s why organisations increasingly need strong identity monitoring and privileged access controls to detect unusual behaviour even when the login itself appears normal.

Q3. How much of a role is AI playing in fueling these security threats, and again, what are the key recommendations you’d give enterprises who want to protect their assets and are desperate to ensure they have business continuity?

AI is certainly changing the scale and speed of cybercrime as attackers can now generate convincing messages in multiple languages, mimic executive communications, and personalise attacks using publicly available data.

However, it’s important not to view AI as creating an entirely new threat landscape. In reality, it’s accelerating tactics that attackers have used for years. So, for CISOs, the message is not to panic as core defensive principles remain highly effective.

User awareness remains an important first layer of defence, although organisations must also recognise that even well-trained employees can occasionally make mistakes. That’s why strong identity security is essential as a backstop.

Practically speaking, organisations should focus on eliminating standing privileges wherever possible so administrative access is granted only when required and only for a limited period.

Continuous monitoring of identity behaviour is equally important. Detecting unusual login locations, abnormal privilege requests, or unexpected system activity allows security teams to respond before an incident escalates.

Finally, organisations should pay closer attention to machine identities and service accounts, which often have high privileges but historically weaker controls.
