AI-powered cyber threats outpace defenses in Middle East, warns Zain security chief

The Middle East’s cybersecurity landscape is undergoing a dramatic transformation as AI-powered threats evolve faster than defense mechanisms. In an exclusive interview, Zain Group’s Chief Risk Officer reveals how nation-states and criminal groups are leveraging AI to launch sophisticated attacks against critical infrastructure, telecommunications networks, and supply chains across the region. This escalating cyber arms race coincides with a crippling talent shortage, highlighting the need for collaborative security approaches as Middle Eastern countries push forward with ambitious digital transformation initiatives.

The big picture: Middle Eastern organizations face increasingly sophisticated cyberattacks as the region accelerates digital transformation through smart cities, AI adoption, and mega-projects.

• Recent incidents include a massive 300 Gbps DDoS attack that temporarily crippled connectivity services in a GCC country, according to Abdul Ghaffar Setareh, Group Chief Risk Officer at Zain Group.
• Attackers are now deploying attack volumes 15 times larger than what defensive systems were previously designed to handle.

AI as a weapon: Artificial intelligence has transformed from an innovation tool into a sophisticated weapon in the cybercriminal arsenal.

• Hackers are using generative AI to craft hyper-targeted phishing campaigns, spread disinformation, and automate attacks on telecom networks.
• “AI is no longer just a tool for innovation, it’s a weapon,” warns Setareh, highlighting the dual-use nature of the technology.

Supply chain vulnerabilities: One of the most significant threats comes from ransomware gangs exploiting third-party vendors to breach otherwise secure systems.

• Setareh’s team recently thwarted an extortion attempt targeting one of Zain’s third-party suppliers, demonstrating the interconnected nature of cyber risks.
• Historical incidents like SolarWinds and Kaseya (2020-2021) exemplify how hackers can inject malicious code into software updates, potentially affecting thousands of organizations simultaneously.

The talent crisis: Despite increasing cybersecurity investments, organizations struggle to find and retain qualified security professionals.

• Middle Eastern organizations plan to increase cybersecurity budgets by 11% in 2025, yet 45% lack skilled teams to deploy solutions effectively.
• The region faces a widening cyber skills gap, with ethical hackers and threat analysts in particularly short supply.

Leadership divide: A strategic disconnect exists between technology and security executives regarding AI adoption.

• “CIOs see AI as a growth engine, while CISOs view it as a possible backdoor for breaches,” explains Setareh, highlighting conflicting perspectives within executive teams.
• This division complicates the development of cohesive security strategies that balance innovation with protection.

Collaborative approach: Security leaders emphasize that no organization can effectively combat modern cyber threats in isolation.

• Zain Group employs “ethical hackers” to monitor the dark web for threats targeting the company or its customers.
• Partnerships with global security providers like Huawei are central to Zain’s strategy to protect its 49 million customers while supporting regional digital transformation.

Market growth: The Middle East’s cyber threat intelligence market is positioned for substantial expansion in coming years.

• The regional market is projected to exceed $31 billion by 2030, reflecting growing awareness of cybersecurity’s critical importance.
• This growth represents both challenges and opportunities for security providers and their customers.