t cht lk
t cht lk
How should businesses secure applications against fast-evolving, intelligent attacks?
How is threat hunting evolving in the Middle East, and what challenges hinder early threat detection?
Application security is a perfect example of where a proactive mindset is needed. Many businesses still treat security as a final checklist item – something you do just before an app is released. This is too late.
The biggest hurdle is human capital. You can invest in the most advanced tools and platforms, but they ' re ineffective without skilled analysts to interpret the data and make the right decisions.
We advocate a DevSecOps approach – security built into every development lifecycle stage. That means scanning for vulnerabilities as the code is written, training developers on secure coding practices, and automating testing throughout the pipeline.
There’ s a global skills gap in cybersecurity, and the Middle East is no exception. We need more trained professionals who understand how to use tools and think like attackers, correlate complex threat patterns and respond under pressure.
Fixing vulnerabilities in the early stages is more secure and vastly more cost-effective. If a security flaw is caught just before launch – or worse, post-launch – it becomes a major headache. But if the developer sees it in real-time and addresses it immediately, it never becomes a problem.
Our message to businesses is clear: treat security as part of the development process, not an afterthought.
Can you share a real-world example where PT Network Attack Discovery helped stop a cyberthreat?
One common scenario concerns hidden threat actors – individuals or groups that breach a network and lie dormant for extended periods. There’ s a misconception that hackers are always fast and aggressive. In reality, many prefer to stay undetected for months or even years.
What’ s encouraging is that many organisations here are starting to understand this and are investing in training and capacity-building. We need partnerships with universities, continuous upskilling programmes, and mentoring the next generation of cybersecurity experts.
How does MENA’ s cybersecurity maturity compare globally, and where can it improve?
The region is on a very promising trajectory. The UAE, in particular, has shown remarkable foresight in implementing national cybersecurity strategies, setting up regulatory bodies and promoting best practices.
There’ s room for growth in operational execution – things like incident response readiness, red teaming capabilities and cross-sector collaboration – but the fundamentals are being implemented.
In one case, a client noticed a massive spike in their cloud bill. Upon investigation, we discovered that their infrastructure had been compromised. Attackers had spun up a separate, cloned environment to mine cryptocurrency. The client wasn’ t even aware because operations weren’ t disrupted – until the bill arrived.
We also see an opportunity to enhance regional collaboration – sharing threat intelligence across borders, harmonising standards and learning from one another’ s experiences.
What were your main goals and expectations for GISEC 2025?
This is where our Network Attack Discovery Tool helps. It’ s designed to detect these stealthy intrusions – behavioural anomalies, unusual east-west traffic, privilege escalations – before damage is done. We’ ve seen it detect threat actors who have been present in systems for over five years, silently harvesting data or selling access on the Dark Web.
We’ ve also found that, on average, attackers take just five days to gain full administrative access once inside. So, the response window is small. Early detection is everything.
At GISEC this year, we showcased some advanced live demos – one of which demonstrated how a laptop can be accessed without knowing the password using a fault injection technique. We also run hands-on workshops on DMA attacks and other cutting-edge threats.
We see GISEC as a place where professionals can speak to professionals. It’ s not just about products – it’ s about building the community, sharing what works and collectively raising the bar for cybersecurity across the region. p
www. intelligentcio. com INTELLIGENTCIO MIDDLE EAST 79