By Christian Reilly, Field CTO EMEA at Cloudflare
Cloudflare’s research shows that a staggering 78% of business leaders in the MET (Middle East and Türkiye) region expect their organizations to be hit by a cyberattack within the next year. But, despite these concerns for the near future, the same study shows that only 46% of those leaders believe they are adequately prepared to handle such an incident.
Cybercrime will cause almost 14 trillion US dollars in damage annually by 2028. AI-driven attacks, supply chain risks, credential stuffing by bots and quantum computers threats are forcing IT security teams to innovate. Which technologies offer protection and how can companies secure their digital future?
The threat situation in cyberspace is becoming increasingly complex and requires innovative approaches and close cooperation between companies, governments and technology providers.
Cybercrime is a burden on the global economy. According to forecasts by Statista, global costs are expected to rise by around one percent annually and reach 13.82 trillion US dollars by 2028.
Due to rapid technological advances, particularly in the field of AI, hackers are now acting with increasing flexibility and sophistication. This is leading to a drastic change in the security landscape, the serious consequences of which are reflected in state-sponsored attacks and attacks on critical infrastructure.
When it comes to overcoming the current security requirements, challenges remain that can only be overcome by working together.
AI – Opportunities and Risks
While AI offers companies in the region new opportunities to optimize processes, it also harbors considerable risks. Its use enables cyber criminals to circumvent detection rules and carry out tailored phishing campaigns or automated attacks. At the same time, companies, especially in Gulf Cooperation Council (GCC) countries are under pressure to integrate AI quickly and train their staff at the same pace. Security teams need to protect AI models to secure sensitive data and ensure operational stability, often with very limited budgets and resources.
With the help of automated phishing identification systems, companies are able to effectively counter this threat. These systems are designed to improve the speed and accuracy of threat detection while being scalable and resource-efficient. By using machine learning and heuristic rules, suspicious URLs and websites can be accurately identified, even if they appear inconspicuous to other security solutions. Cloudflare’s phishing identification system automatically resolved nearly 80 percent of phishing reports in the second half of 2024. Such technologies are crucial to staying ahead of attackers in rapidly digitizing economies like the UAE and Saudi Arabia.
“Blind Spots” and a Growing Attack Surface
The increasing shift to remote working, cloud migration, and digital transformation across the Middle East has significantly expanded the attack surface. This development creates security gaps that can be quickly exploited by threat actors. Particularly problematic are “blind spots” where security managers do not have sufficient visibility. Without clear insights into these areas, it remains difficult to detect and ward off threats at an early stage.
Complexity as the Enemy of Security
Another major obstacle to effective cyber security is the increasing complexity of modern IT environments. Companies are struggling with fragmented technology stacks, multi-cloud architectures and a lack of qualified security experts. These factors complicate situational awareness and increase operational overhead. At the same time, complexity hinders the ability to modernize security measures. Without integrated platforms that provide comprehensive protection and visibility, it remains a challenge for security teams to respond appropriately to threats.
Supply Chain Attacks – An Underestimated Threat
Security incidents in the supply chain are another growing problem in the Middle East. Third-party vulnerabilities can ripple through the entire digital ecosystem and cause significant damage. Security teams must therefore consider risks that extend far beyond their immediate sphere of influence. This requires a holistic view of all dependencies in the technology stack, particularly relevant for sectors like energy and logistics where regional players are deeply interconnected.
The Role of Bots and Leaked Credentials
Bots play a key role in amplifying attacks such as credential stuffing, a method in which leaked credentials are used to gain unauthorized access to systems. According to Cloudflare’s study results, 95 percent of login attempts with stolen passwords come from bots. Platforms such as WordPress are particularly affected, an environment in which 76 percent of these attempts are successful.
Another problem is the reuse of compromised passwords. As the latest research by Cloudflare researchers shows, 41 percent of successful logins to websites within their network are made using stolen credentials. These figures underline the urgent need for stronger protective measures such as multi-factor authentication (MFA) or rate limiting.
Post-Quantum Security: A New Era of Cryptography
With the advent of quantum computers, internet security is facing a fundamental change. Cryptographic methods in particular need to be adapted to this new technology, as conventional encryption methods could easily be cracked by quantum computers. However, initiatives such as the collaboration between NIST, Microsoft, and Cloudflare give hope for robust solutions to this challenge.
The Fight Against Cybercrime Requires Innovation
The threat situation in cyberspace is becoming increasingly complex and requires innovative approaches and close cooperation between companies, governments and technology providers. This is because the “defender’s dilemma” is becoming increasingly acute: cyber criminals only need one successful attack to achieve their goals, while companies must be able to fend off every single attack in order to maintain business operations and protect data.
Automation, AI-driven detection systems and stronger protection measures are crucial to stay ahead of attackers. At the same time, long-term strategies must be developed to prepare for technological developments such as quantum computing.
As part of its “Security Week 2025”, Cloudflare demonstrated a way for companies to proactively combat cyber threats within its Connectivity Cloud with initiatives and solutions for phishing defense and securing political campaigns. But ultimately, cybersecurity remains a shared responsibility, only through collective efforts can the internet be made more secure.
