By Diego Arrabal, Vice President, Eastern Europe, Middle East and Africa, Check Point Software Technologies
Across the world, cyber resilience has traditionally been discussed through a relatively narrow lens – protecting government platforms, critical services and public-facing digital infrastructure from direct disruption or interference. But the threat landscape has become fundamentally more complex.
It is moving beyond systems alone and into the wider digital environment where public opinion is shaped, confidence is built and trust in institutions, identities and services is established.
In the Middle East, this shift carries its own weight. The region may not share the same electoral dynamics as Europe or the United States, but it is far from immune to politically motivated cyber activity. In fact, the Middle East has a unique stake in this conversation because of its ambitious digital transformation agenda, connected populations, expanding digital services and growing adoption of AI technologies across both the public and private sectors.
The objective for threat actors is no longer simply to compromise a system. It is to compromise confidence.
A Threat Landscape Where Trust Is the Target
The evolution is already visible. Cyberattacks are no longer limited to disruption, espionage or financial gain. Threat actors are now combining technical compromise with efforts to exploit trusted channels, manipulate perception and create uncertainty. The result is a threat landscape where attacks target not only systems and data, but also the digital trust that underpins institutions, information, identities and connected services.
The impact across the region is significant. Organizations in the Middle East experienced an average of 2,554 cyberattacks per week over the past six months, compared to a global average of 2,078. At the same time, 77% of malicious files delivered in the region arrived through email, while information disclosure vulnerabilities impacted 71% of organizations. These figures reveal an important reality: attackers are increasingly targeting the channels through which trust is established, identities are verified, information is exchanged and decisions are made.
When attacks move at this volume and velocity, and when AI is compressing the time between vulnerability disclosure and exploitation from months to hours, detection alone is no longer sufficient. Organizations need a prevention-first posture that stops threats before they cause disruption, not one that alerts after the damage has already begun.
Digital Trust and National Confidence
Across the region, public trust is closely linked to confidence in national institutions, economic reform, public services, digital government initiatives and the broader digital experiences through which citizens engage with them. When a ministry announces a new policy, when a government launches a national programme, or when a regional crisis unfolds, citizens increasingly receive, interpret and respond to information through digital channels.
This means the digital layer surrounding governance is no longer separate from governance itself. It has become part of how trust is built and maintained.
If that layer is manipulated, the consequences can quickly move beyond traditional cyber risk into reputational, societal and institutional risk. A cloned website can impersonate a trusted institution. A compromised email account can be used to amplify misleading information. A stolen credential can exploit an established relationship of trust. A convincing deepfake can create confusion precisely when clarity is most needed.
None of these scenarios necessarily require direct access to critical systems. They require access to attention, credibility and trust. This is what makes the challenge fundamentally different.
The Mechanics of Influence
Influence operations succeed because they exploit speed, emotion and uncertainty. In moments of regional tension, economic pressure or policy change, false information can travel faster than verification. By the time a correction is issued, the damage may already be done. Screenshots circulate. Social media and messaging platforms amplify rumours. Anonymous accounts shape narratives. AI-generated content adds a new layer of realism that makes manipulation more difficult to detect. The objective is often not to convince everyone of a falsehood, but to create enough doubt that trust in reliable information begins to erode.
For governments and organizations across the region, this creates a new resilience challenge, one that cannot be solved by technical controls operating in isolation.
A New Resilience Framework
Cyber security can no longer be viewed as a purely technical discipline owned exclusively by IT teams or security operations centres. It now sits at the intersection of national security, information integrity and public confidence. Technical compromises increasingly serve broader influence objectives, blurring the line between cyber incidents, identity abuse and information operations.
This is particularly relevant in the Gulf, where national visions are accelerating investments in AI, digital identity frameworks, cloud platforms, smart cities and connected infrastructure. These initiatives create enormous economic and societal value, but they expand the digital surface across which trust must be established and maintained.
As digital transformation accelerates, trust itself has become a critical dependency. The success of a digital service, an AI-powered platform, a digital identity programme or a public-sector innovation depends on whether people trust the information, identities and systems behind it. Protecting that trust requires a unified, prevention-first approach, one that treats security not as a collection of disconnected tools but as an integrated architecture that shares intelligence across every layer of the digital estate.
Five Priorities for the Region
The Middle East’s response must be proactive, and it must reflect the reality that fragmented, reactive security cannot protect digital trust at scale.
1. Reduce exposure continuously, not episodically
Organizations need far more than periodic vulnerability assessments. They need a clear, continuous understanding of their external digital footprint, including public-facing assets, executive identities, cloud environments, third-party relationships and communication channels. Unknown or unmanaged exposures create opportunities for attackers to impersonate trusted entities, exploit vulnerabilities and establish infrastructure for future campaigns. The goal must shift from visibility alone to measurable, continuous risk reduction, closing the gap between knowing about an exposure and acting on it before attackers do.
2. Strengthen identity and workspace security
Email, collaboration platforms, digital workspaces and cloud applications have become the primary attack surface for modern organizations and the primary surface through which trust is delivered. The workspace is where humans interact with AI, with each other, and with sensitive data.
When a trusted identity is compromised, the impact often extends beyond a single account; it influences decisions, enables deception and undermines confidence in legitimate information and services. AI has made phishing faster, more personalised and virtually indistinguishable from legitimate communication which means prevention must be embedded directly into email, endpoint, browser and collaboration layers as a unified capability, not managed as separate, siloed tools.
3. Safeguard information integrity
Governments and major institutions need clear mechanisms for verifying official information before a crisis occurs. Citizens, employees and stakeholders should have clear ways to distinguish authoritative information from misleading content. In an environment where AI can generate convincing synthetic content at scale, the ability to establish authenticity becomes essential. This is not only a communications challenge; it is a security architecture requirement.
4. Break down operational silos through a unified security approach
Influence campaigns rarely operate within a single domain. A phishing email, a compromised identity, a cloned website, an AI-generated video and a coordinated social media campaign may all be components of the same operation. Effective defence requires shared intelligence, coordinated responses and unified visibility across traditionally separate environments. When signals from network, cloud, workspace and external threat intelligence are viewed in isolation, critical context is missed. Organizations that unify policy, intelligence and enforcement across their entire security estate, rather than managing disconnected tools, are far better positioned to detect and prevent multi-vector campaigns before they achieve their objective.
5. Treat AI as both a transformation enabler and a security imperative
The same technologies enabling governments and organizations to innovate faster, deliver smarter services and unlock new efficiencies can also be exploited to scale deception, automate reconnaissance and increase the sophistication of influence campaigns. AI is now embedded across both sides of the equation. Securing the AI transformation means protecting employee AI usage, AI-powered applications, autonomous agents and the infrastructure that runs them while simultaneously using AI to strengthen defence, detect synthetic content, identify abnormal behaviour and accelerate response. Organizations that treat AI security as a separate workstream from their broader cyber strategy will find themselves exposed on both fronts.
