
In an interview with tahawultech.com, Edgard Capdevielle, CEO of Nozomi Networks, shares pressing global and regional insights on the evolution of cyber threats, AI’s dual role in defense and offense, and the urgent need to secure operational technologies across sectors.
Interview Excerpts
What has been the most significant shift in cyber threats targeting critical infrastructure globally over the past 12 to 18 months, and how has AI evolved in both offensive and defensive strategies?
Cyber threats targeting critical infrastructure have become increasingly sophisticated and relentless. Global tensions and geopolitical conflicts often coincide with a surge in cyber activity—ransomware, for example, has grown rampant. AI plays a central role in both attack and defense. Threat actors leverage AI for reconnaissance, social engineering, and code development, while defenders are integrating AI to detect anomalies, enhance visibility, and respond to threats. At Nozomi Networks, our entire platform was built at the intersection of AI and OT security, enabling advanced protection for industrial systems.
What advanced attack tactics are you observing, and how can infrastructure operators defend against these emerging threats?
One major development is the increasing exploitation of the wireless attack surface, particularly in OT and IoT environments. Attackers can now access systems remotely, even from outside facilities like parking lots. Additionally, “living off the land” attacks—where threat actors exploit legitimate system tools—are hard to detect. Criminals and nation-state actors use AI to craft zero-day exploits and personalised phishing attempts. To counter these threats, we’ve introduced wireless sensors to broaden visibility and defense.
What are the top three emerging threats that critical infrastructure operators need to prepare for, and how can AI help mitigate these risks?
- Ransomware: It has leveled the playing field, making even non-financial sectors prime targets.
- Wireless Attacks: Wireless infrastructure can now be exploited externally, bypassing traditional firewall defenses.
- AI-driven Threats: AI enables highly targeted and automated attacks.
“AI helps mitigate these risks by enhancing real-time monitoring, predictive analytics, and adaptive threat response across sectors including energy, tourism, and manufacturing.”
How have regional challenges in the Middle East and Africa impacted the cybersecurity posture of critical infrastructure? Are there specific sectors at heightened risk?
The GCC region’s dependence on critical sectors like oil, gas, water, and energy, combined with ongoing digital transformation and IT-OT convergence, has expanded the attack surface. There’s an influx of both cyber criminals and nation-state actors. While the region is advancing in cybersecurity maturity, challenges persist due to legacy OT systems interacting with modern IT, often with inadequate protection.
What role do regional regulations and cybersecurity frameworks play in securing critical infrastructure, and how can these be improved?
Regulatory bodies across the GCC are becoming more proactive. The UAE’s National Cybersecurity Strategy and Saudi Arabia’s ECC framework under the NCA are setting foundational standards. Cross-country cooperation is also growing. However, regulations should go beyond compliance and push for proactive risk management. The focus must shift from incident response to predictive protection, supported by a shared risk language across sectors.
Is there a gap between the sophistication of cyber threats and the preparedness of critical infrastructure operators in this region? How can this gap be addressed?
For years, financial and retail industries evolved in lockstep with cybercriminals, while critical infrastructure lagged behind. Operators now face nation-state-grade threats without the legacy of security investment or practices. Bridging this gap requires not just technical upgrades but cultural and budgetary shifts—security must become embedded into every layer of operations.