The Human Layer Is Now the GCC’s Biggest Cyber Vulnerability
The cyber landscape in the GCC has changed. Conflict-driven cyber risk now affects everyone, not just governments or critical infrastructure.
During times of geopolitical tension, the difference between physical and digital conflicts fades. The ongoing US-Israel war has made the Gulf’s digital infrastructure an active frontline. Now, cyber threats are more intense and target civilians, businesses, and governments.
In the past, state-backed attackers mainly targeted high-value organizations for espionage or sabotage. Now, they exploit the weakest and most vulnerable nodes in the system: individuals, remote workers, and digitally dependent populations.
A Redistribution of Risk Toward Everyday Users
Cybersecurity has traditionally centered on national infrastructure and enterprise resilience. Yet recent developments across the GCC suggest a redistribution of risk toward everyday users. Now, with heightened regional tension, authorities in the UAE have warned of a surge in fraudulent communications impersonating official entities. Emails and messages posing as emergency notifications or government advisories are designed to exploit trust.
“Any scam requires urgency, fear, uncertainty, and doubt to succeed. If stress levels and emotions are high, people are less likely to engage in rational thinking,” says Martin J. Kraemer, CISO Advisor at KnowBe4 for Europe & Middle East. “Such is the case during uncertain times when people sometimes have to worry about their safety and security. This makes everyone particularly vulnerable.”
Attackers increasingly leverage AI to expand both the scale and sophistication of their attacks. Rich Marcus, CISO at Optro, says, “Scammers’ use of AI enables them to exponentially increase the reach, scale, and effectiveness of their attacks in ways that were never cost-effective before.”
Marcus adds that attackers trawl public information to collect private details about a target organization, giving employees complete confidence in requests. “They use spoofing with look-alike email addresses, and even deploy deep fakes—impersonating senior leaders via AI-generated audio or video to pressure employees into bypassing normal controls.”
This shift mirrors broader trends identified in the HPE Threat Labs 2026 In the Wild report. After studying 1,186 active threat campaigns in 2025, HPE found that cybercrime is now industrialized. Attackers use organized methods, automation, and old security gaps to reach important targets faster than defenders can react.
Government organizations were the most targeted globally, with 274 campaigns spanning federal, state, and municipal bodies. Finance and technology followed closely, reflecting attackers’ sustained focus on sensitive data and financial gain.
UAE National Alerts and Impersonation Scams
Official UAE authorities have moved swiftly to counter impersonation attacks. The Ministry of Interior and the UAE Cyber Security Council (CSC) caution residents against messages requesting personal data, particularly those mimicking missile alerts or other emergency notifications.
Dr. Kraemer says that people in the UAE are currently receiving threat alerts about incoming missiles. “Over the weeks, we all have become heavily reliant on them, often counting the number of days since the last notification as an indicator of safety.”
He adds that threat actors can exploit this dependency by sending fake messages urging people to confirm their phone numbers and identities using UAE Pass. “The UAE CSC advises that threat alerts are received automatically—no sign-up is necessary, highlighting the risk of identity theft.”
Marcus emphasizes the sophistication of these campaigns: “Attackers use fingerprinting to collect personal and organizational information, giving requests credibility. They employ spoofing with lookalike email addresses and deploy deepfakes of senior leadership. This creates management pressure, giving employees confidence to bypass finance controls.”
The HPE report supports these findings. In 2025, attackers used over 147,000 harmful websites, nearly 58,000 malware files, and exploited 549 security weaknesses. Automation and AI helped them act quickly, reach more people, and focus on key sectors such as national infrastructure and the economy.
Remote Work is Expanding the Attack Surface
Hybrid and remote work have widened the GCC’s digital boundaries. Employees using home networks and personal devices face risks that company security cannot always cover.
Kraemer says home network security, as urgently highlighted by the UAE CSC, needs improvement. “That includes router and network security. Cameras must be configured with strong passwords. Voice assistants and other recording devices should be switched off.”
Remote work complicates traditional security measures. Marcus says, “Remote work arrangements create challenges around developing security-aware cultures, reinforcing reporting behaviors, and increasing the effort required to validate or invalidate suspicious requests.”
He says employees must always verify financial instructions through secondary channels, such as secure messaging or a call-back to a previously known number. “Multi-person approval must be required for all wire transfers and special authorizations for transfers above established thresholds.”
Apps like WhatsApp and Microsoft Teams are increasingly exploited because corporate security tools do not always protect these channels. Kraemer says, “Corporate messaging services are much less regulated and monitored compared with email. Scams are more likely to appear in front of users than emails filtered through DMARC and SPF checks. People are trained to spot phishing emails more than social engineering attempts over messaging. Generally, people consider corporate messaging more trustworthy because they have had less exposure to it.”
He adds that criminals jump between media, launching multi-channel attacks. “For example, an email might include a QR code for a WhatsApp chat. This leaves the monitored email channel for a casual, less-monitored platform. People are more inclined to trust WhatsApp than email.”
AI, Threat Intelligence, and the Human Factor
AI is a tool for both attackers and defenders. Marcus says email filtering and corporate communication security are benefiting massively from AI techniques. “Tools like Abnormal AI improve the detection of social engineering-based messages. This is an arms race, and defenders will need AI-based tactics to keep up.”
Yet AI adoption introduces new vulnerabilities. “You can no longer rely on protecting internal networks only. Supporting remote work requires moving security controls to each individual and their devices. Many security processes, like DLP and intrusion detection, must move to endpoints, or even browsers, to detect risks like exfiltration of sensitive data,” adds Marcus.
While a comprehensive “AI kill switch” is not practical, Marcus emphasizes protecting critical assets: “AI is integrated across many enterprise applications and would be extremely difficult to disable. It’s more important to identify where crown-jewel data assets are stored and have a way to isolate those systems in the event of an incident.”
The HPE report highlights how AI and automation accelerate attacker operations, enabling campaigns to run with industrial efficiency and often exceeding defenders’ capacity to respond in real time. Attackers even used automated “assembly line” workflows to exfiltrate data via platforms like Telegram and leveraged generative AI for deepfake video-phishing campaigns targeting executives.
Building Resilience in the GCC
Kraemer stresses that resilience begins with individual awareness: “Don’t trust any message that has a different look. Don’t trust unexpected messages. Always consult friends or find a phone number on an official website before acting on any request.”
Marcus underscores organizational preparedness: “GCC firms should invest in frequent training on phishing and social engineering, including deep fakes. AI governance is critical: organizations need tools to discover, inventory, and assess the risks of AI use cases. Incident response plans must ensure rapid detection and reporting, increasing the chance to recover stolen funds or prevent further losses.”
Organizations must break down silos by sharing threat intelligence, patching frequently exploited entry points, applying zero-trust principles, and extending security beyond the corporate perimeter to home networks, third-party tools, and supply chains.
Marcus says that threat actors will attack anyone who can provide leverage toward political or economic goals. “Corporate and government systems may seem more lucrative, but compromising individuals often provides a stepping stone to larger objectives.”
The cyber landscape in the GCC has changed. Conflict-driven cyber risk now affects everyone, not just governments or critical infrastructure. These threats are widespread and part of daily life. For businesses, policymakers, and citizens, cybersecurity is now a shared responsibility that depends on technology, behavior, and trust.
The next cyber attack might not be a complex server breach but a simple message sent to someone’s phone. Today, being resilient means staying aware and double-checking messages, not just relying on firewalls or AI security tools.


