CNME Editor Mark Forker sat down with Abdullah Altaifi, Regional Vice President, Saudi Arabia, Lebanon, and Bahrain, at Palo Alto Networks, to discuss in more detail what business lessons learned from the COVID-19 pandemic can be applied amidst the ongoing disruption across the Middle East region, what new wave of cyberattacks is being launched – and how much of a role AI is playing in driving them.

Many comparisons have been drawn between the onset of the COVID-19 pandemic and the US/Israel v Iran conflict, in that almost overnight across the region we returned to a ‘work from home’ model, not knowing how long it was going to last.
However, as the old saying goes, in the midst of every crisis lies great opportunity, and during the global pandemic cybercriminals demonstrated that.
History is repeating itself, as there are multiple reports emerging from across the Middle East that scammers have set up fake airline support accounts to exploit vulnerable tourists stranded in destinations across the Gulf – and there have also been reports of cybercriminals attempting to gain access to bank accounts.
We spoke to Abdullah Altaifi from Palo Alto Networks to get his take on the current situation from both a business continuity and cybersecurity perspective.
What are the best practices and measures that businesses need to put into place to protect their users now working remotely again, and what are some of the lessons that we learned from 2020 that business leaders need to adopt and apply to the current situation across the region?
The COVID-19 pandemic forced organizations to adopt home and hybrid working models and this remained standard for many people. It was likely a trend that would have happened anyway, and the pandemic accelerated and formalized it.
However, whenever there is a situation that suddenly forces more employees to work remotely, organizations must ensure their cybersecurity posture is prepared and that they can secure all of their users, across all devices and locations. This is something most organizations learned during COVID-19 and they had to keep processes in place to account for ongoing remote and hybrid workers, albeit at a smaller scale compared to during the pandemic.
In the current scenario, we see many organizations in the Gulf region returning to remote and hybrid models, and it’s important that they ensure that all employees are working securely on all their devices in all locations.
For remote working, Palo Alto Networks recommends embracing a Zero Trust Network Access (ZTNA 2.0) model to ensure that security follows the user, not the location, and that there is a continuous inspection of all traffic.
Organizations should also implement Identity and Access Management (IAM) with phishing-resistant multi-factor authentication, while securing employees’ home working spaces through SASE (Secure Access Service Edge).
Business leaders must shift from managing devices to managing identities and data. By unifying security into a single platform, organizations can eliminate the visibility gaps that occurred during the rapid shifts of the past. This ensures that productivity never comes at the cost of regional compliance or digital integrity.
With a wave of cyberattacks across the Middle East region now highly likely, what method of attack do you envisage cybercriminals deploying? Will it be AI-powered phishing emails for a ransomware attack, brand impersonation, or identity theft, perhaps a mix of all of them, or will it be something radically different?
If we look at the cybersecurity landscape more generally, it’s clear that certain types of attacks are on the rise, and it is common for cybercriminals to use specific events to their advantage.
Malign actors will be aware that many people in the region are working remotely, and they will factor this into their scams. AI-powered phishing remains a top entry point due to its ability to create sophisticated, hyper-personalized content and social engineering attacks at volume.
AI is also behind a rise in identity-based attacks, as it leverages data processing and generative techniques to create fake personas and crack credentials, allowing attackers to mimic legitimate user behaviour and bypass traditional authentication filters. In Saudi Arabia, 68% of organizations experienced at least two successful identity-centric breaches, according to insights from the 2025 Identity Security Landscape report from CyberArk, a Palo Alto Networks company.
Furthermore, we see a rise in ransomware where the perpetrator encrypts data or threatens to leak sensitive corporate intelligence. Deepfake technology for brand impersonation is also becoming a reality, targeting high-level executives to authorize fraudulent transfers. The common thread is the speed of these attacks, which can happen in hours rather than days and weeks.
Despite this, looking at the current situation, we believe threat activity from nation-state groups based within Iran is mitigated in the near term because of the limited internet connectivity in the country, although Unit 42 observed an escalation in cyberattacks from activists outside the country.
How much of a role is AI playing in fuelling these security threats, and again, what are the key recommendations you’d give enterprises who want to protect their assets and are desperate to ensure they have business continuity?
AI is fundamentally changing the economics of cybersecurity as it allows cybercriminals to automate attacks and exploit vulnerabilities at speed and with minimal resources. It is no longer viable for enterprises to fight AI-driven threats with manual processes.
To ensure business continuity, Palo Alto Networks recommends that organizations embrace a more holistic ‘platformization’ approach to cybersecurity, which involves integrating AI-driven security across the network, cloud, and endpoints into a unified platform, while increasing visibility of network traffic, reducing complexity, and ensuring solutions work together seamlessly to eliminate gaps in an organization’s security posture.
Organizations should also transform their Security Operations Centre (SOC) with AI and automation to drastically reduce response times. They also need to improve their identity security capabilities, including using Privileged Access Management (PAM), which is critical for preventing breaches by securing, managing, and monitoring the high-risk credentials that attackers target.
Working with Palo Alto Networks, companies can limit lateral movement by enforcing least privilege across human and machine identities. By restricting access to sensitive systems and auditing all privileged sessions, PAM eliminates unmanaged administrative accounts and helps prevent attackers from using privileges to compromise the network.





