CNME Editor Mark Forker spoke to Isabelle Meyer, Co-CEO and Co-Founder of Zendata, to find out how she thinks businesses across the Middle East region should respond in order to maintain business continuity, what new threats we should expect to see, and how enterprises should leverage AI to help them combat and thwart cyberattacks.
Remote Work Returns: What Lessons From 2020 Must We Apply Now?
There’s a certain dark irony in the fact that the cybercriminal community appears to have a better crisis playbook than most Fortune 500 companies. When COVID-19 hit, they didn’t panic, they pivoted.
Within days, phishing kits were rebranded with pandemic themes, fake PPE suppliers flooded inboxes, and VPN vulnerabilities were being exploited at scale.
Today, as employees across the UAE dust off their home office setups once again, the threat actors are already ahead of the curve, and the fake airline support accounts and banking scams we’re seeing are just the opening act.
So what did 2020 teach us, and are we actually listening this time?
First, the VPN is not a security strategy, it’s a corridor. During the pandemic, organisations rushed to push everyone through VPN tunnels and called it “secure remote access.” What they actually created was a very long hallway with a lock only on the front door. The moment one endpoint was compromised, attackers had a motorway into the corporate network.
In 2025, Zero Trust Architecture is no longer a buzzword for conference panels, it is the baseline. Every user, every device, every session must be verified, regardless of where it originates.
In the UAE, where hybrid work has already become normalised post-pandemic, most enterprises should already have this in place. If they don’t, the time to act was yesterday.
Second, your employees are both your greatest vulnerability and your most powerful firewall. The tourists being targeted by fake airline support accounts right now are falling for the same psychological playbook as the employee who clicked a “COVID update” link in 2020, urgency, fear, and a trusted brand name.
Businesses must invest in continuous, scenario-based security awareness training, not the annual checkbox exercise that nobody remembers. When your workforce is stressed and distracted, as they are right now, attackers know that cognitive load is their best ally.
Third, patch your processes, not just your systems. Many breaches during COVID didn’t happen through exotic zero-day exploits. They happened because an employee used a personal laptop, accessed a corporate system, and nobody had a BYOD policy that covered a global pandemic.
Today, ensure that your Acceptable Use Policies, Incident Response Plans, and Business Continuity Plans have all been reviewed and updated to account for a rapid return to remote work.
Dust them off, stress-test them, and make sure your IT and security teams have a clear escalation path that doesn’t rely on physical presence.
The bottom line: The UAE’s digital infrastructure is among the most advanced in the world, and the nation’s cybersecurity posture, underpinned by frameworks from the UAE Cybersecurity Council and NESA, gives enterprises a solid foundation to build on.
The lessons of 2020 are well-documented. The only question now is whether business leaders treat this as a fire drill or a fire.
The Cyber Threat Landscape: What Attack Vectors Should We Expect?
If I were to sketch the threat actor’s whiteboard right now, it would look something like this: one part AI-powered phishing, one part brand impersonation, one part opportunistic ransomware, all blended together into what I’d call a “crisis cocktail.”
And like any good cocktail, the real danger is that it goes down smoothly before you realise how potent it is.
Let me break down what I believe will be the dominant vectors:
AI-Powered Spear Phishing will be the weapon of choice.
We are well past the era of badly spelled emails from Nigerian princes.
Today’s AI-generated phishing emails are grammatically flawless, contextually relevant, and deeply personalised. Attackers are scraping LinkedIn profiles, cross-referencing corporate websites, and using large language models to craft messages that reference your boss by name, your company’s latest press release, and your industry’s current anxiety.
In a crisis environment, where an employee might receive a “critical IT security update, work from home protocol” email, the click-through rate is devastatingly high.
Brand impersonation of airlines, banks, and government entities is already happening, and the UAE’s status as a major international travel hub makes it a particularly rich hunting ground.
Emirates, flydubai, Air Arabia, these are household names that stranded travellers implicitly trust. Fake customer service numbers, spoofed WhatsApp accounts, fraudulent payment portals, these attacks are low-cost, high-yield, and require almost no technical sophistication.
They are crimes of opportunity dressed up in a familiar logo.
Ransomware will follow disruption like a shadow. Historically, ransomware gangs are extraordinarily opportunistic.
When organisations are scrambling to re-establish remote access infrastructure at speed, security corners get cut. Unpatched systems, misconfigured cloud environments, and overwhelmed IT teams create the perfect conditions for a ransomware deployment.
I would particularly flag the risk to mid-sized enterprises and critical infrastructure suppliers in the region, who may lack the dedicated security operations capabilities of larger organisations.
The wildcard? OT and IoT attacks on smart infrastructure. The UAE has invested enormously in smart city technology, connected buildings, logistics systems, and critical utilities.
In a geopolitically charged environment, state-sponsored or state-adjacent threat actors may target operational technology as much as corporate networks.
This is where the current situation diverges most significantly from 2020, and where enterprises in energy, logistics, and government-adjacent sectors need to be especially vigilant.
AI as Both Weapon and Shield: And How Enterprises Must Respond
Here is the uncomfortable truth that every CISO in the region needs to hear: AI has fundamentally changed the economics of cybercrime, and not in our favour, yet.
Historically, a sophisticated, personalised cyberattack required skilled human operators, significant time investment, and meaningful resources. AI has democratised that sophistication.
Today, a moderately technically literate threat actor can use commercially available AI tools, some legitimate, some operating in darker corners of the web, to generate phishing campaigns, write malware, automate credential stuffing attacks, and even conduct reconnaissance on target organisations, all at a fraction of the previous cost and time.
The barrier to entry for high-quality cybercrime has collapsed. At ZENDATA, we see this reflected directly in our threat intelligence feeds. The volume, velocity, and sophistication of attacks targeting organisations in the Middle East have increased markedly.
AI isn’t just enhancing existing attack types, it is enabling entirely new attack patterns that evolve faster than traditional signature-based defences can adapt to.
But here is where the narrative shifts, and where the opportunity lies.
AI is equally transformative on the defensive side, provided organisations are willing to invest in it intelligently. At the enterprise level, here are my key recommendations:
1. Fight AI with AI. Deploy AI-driven threat detection and response tools that can identify anomalous behaviour in real time, not just known threat signatures. Behavioural analytics, AI-powered SIEM platforms, and automated response capabilities are no longer optional extras. They are essential infrastructure.
2. Invest in Threat Intelligence that is regionally relevant. Generic, global threat feeds are insufficient for the UAE’s unique threat landscape. Organisations need intelligence that reflects the geopolitical context of the region, the specific sectors being targeted, and the TTPs (Tactics, Techniques, and Procedures) of threat actors operating in this environment. This is the difference between knowing that ransomware exists and knowing that a specific group is actively targeting logistics companies in the Gulf right now.
3. Conduct an emergency security posture review, today. Not next quarter. Today. Map your critical assets, identify your highest-risk remote access points, verify your endpoint protection is current, and confirm that your incident response team knows their roles if the worst happens.
4. Make business continuity a board-level conversation. Cybersecurity is not an IT department problem, it is a business risk that sits squarely in the boardroom. In a region where business confidence and reputation are deeply intertwined, a significant breach during an already volatile period can have consequences that extend far beyond the technical. Executives need to own this.
