GCC companies rethink cyber defences as AI phishing surges
Artificial intelligence (AI) is reshaping the cyber security landscape across the Gulf Cooperation Council (GCC), forcing enterprises to rethink long-standing security strategies as attackers move beyond email and target collaboration platforms, digital identities and even enterprise AI deployments.
The shift comes as research from KnowBe4 shows that 86% of phishing attacks are now AI-driven, with threat actors increasingly exploiting platforms such as Microsoft Teams, calendars, Slack and messaging applications to launch social engineering campaigns.
The findings align with a broader regional trend already reshaping cyber investment priorities. Recent conversations with Middle East chief information security officers (CISOs) reveal that identity security, AI governance and resilience-led security models are rapidly replacing traditional perimeter-focused approaches as deepfakes, shadow AI and AI-enhanced phishing become operational realities.
“What has changed is not only the volume of attacks but their sophistication,” says Martin Kraemer, CISO adviser at KnowBe4. “Attackers are not trying to break systems, they’re increasingly trying to log in as legitimate users.”
Collaboration platforms emerge as the new attack surface
Email remains an important vector, but attackers are increasingly following employees into the environments where modern work happens. KnowBe4 highlighted a 49% increase in calendar-based phishing attacks and a 41% rise in Microsoft Teams-related threats over the past six months, underscoring how collaboration platforms are becoming attractive targets.
According to the company, the behavioural dynamics of these tools create ideal conditions for abuse. “Collaboration tools like Teams have the ability to communicate with people outside the organisation, but the vast majority of contacts will actually be internal,” says Kraemer.
“This means people often don’t operate with the same level of caution and rigour when communicating on the platform. We have trained ourselves to be suspicious of incoming emails, but users are often less switched on when using much faster-paced communications in chats.”
The problem is compounded by limited visibility. “Attackers also know that collaboration tools are much less regulated and monitored. The majority of organisations haven’t yet put the necessary tools into place,” Kraemer adds. “As communication moves from email to other channels, organisations should treat these channels roughly the same.”
For GCC organisations undergoing rapid digital transformation – particularly across the government, energy, financial services and critical infrastructure sectors – this poses a significant challenge. Hybrid work models, cloud-first strategies and expanding collaboration ecosystems have increased exposure, while security controls have struggled to keep pace.
Identity becomes the new security perimeter
AI-powered attacks are also exploiting trust relationships within organisations. KnowBe4’s research found that 30% of attacks now involve internal impersonation, while reverse proxy techniques designed to steal Microsoft 365 credentials have surged by 139%.
These attacks rely on fake portals that perfectly imitate legitimate login experiences, making detection increasingly difficult. “The stealing technique relies on proxy portals that look exactly like the real thing but are designed to steal credentials from the actual login process,” Kraemer explains. “The only giveaway might be the domain name.”
As a result, organisations are being encouraged to strengthen human verification skills alongside technical controls. “Train employees in domain verification,” the company advises.
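The same domain check that employees are asked to make by eye can also be made by a mail or chat link scanner. The Python sketch below is an added example, not code from KnowBe4 or the article; the trusted host list is an assumption to be replaced with the sign-in hosts your own tenant uses, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in hosts this organisation expects to see.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com"}


def check_login_url(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) for a URL that is presenting a sign-in page."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://trusted-name@other-host/" connects to other-host, not the name shown first.
    if "@" in parts.netloc:
        return False, "userinfo before the host"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host"
    if not host.isascii():
        return False, "non-ASCII host (possible homoglyph)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label (possible homoglyph)"
    if host in TRUSTED_LOGIN_HOSTS:
        return True, "exact match"
    # A proxy portal often carries the real name as a prefix or substring.
    for good in sorted(TRUSTED_LOGIN_HOSTS):
        if good in host:
            return False, "trusted name embedded in another domain"
    return False, "unknown host"


# Constructed sample URLs (reserved .example names), not taken from any real campaign.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "https://login.microsoftonline.com.sso-check.example/common/oauth2",
    "https://login.microsoftonline.com@portal.example/signin",
    "https://login.micr\u043esoftonline.com/common",  # Cyrillic 'o'
    "http://login.microsoftonline.com/common",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample), sample)
```

Only an exact host match is trusted; every other outcome carries a reason that can be shown to the user or logged for the SOC.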
Remote working environments require extra security
Across the GCC, CISOs are increasingly directing investments towards identity-first architectures, adaptive access management and AI-enabled detection systems capable of recognising anomalous behaviour in real time. The trend reflects wider concerns across the region that stronger impersonation capabilities, including deepfake audio and video, are eroding traditional trust assumptions.
KnowBe4 states: “Encourage employees to use VPN [virtual private network] connections when working remotely so that network traffic analysis and monitoring can catch unusual activity, as malicious proxies attempt to leak credentials externally. Ensure that network monitoring is able to detect related tactics, techniques and procedures.”
Shadow AI creates a second security challenge, while enterprises are also grappling with risks posed by AI adoption itself. As organisations across the Gulf accelerate AI initiatives in government services, smart cities, energy operations and enterprise automation, employees are increasingly using GenAI platforms that may introduce new attack surfaces or amplify the risk of data leakage.
KnowBe4 argues that security leaders need clearer governance frameworks rather than blanket restrictions. “Define clear usage policies across three categories: green, amber and red,” the company says.
“For the green category, organisations should use corporate monitoring and logging tools to secure approved applications while educating users on information risks. Amber tools should be available only to users with advanced usage approvals. Red-category tools should be prohibited, while clearly identifying acceptable alternatives.”
Monitoring AI activity should mirror privileged access management approaches. “Establish logging and monitoring for anomaly detection the same way you’d treat privileged human accounts,” Kraemer adds. “Provision agent credentials using least-privilege principles.”
Rising investments as GCC cyber maturity evolves
The GCC cyber security market has entered an investment cycle driven by AI-enabled threats, digital sovereignty programmes and large-scale national transformation initiatives.
Governments across the region continue to invest heavily in cyber resilience, while enterprises are expanding budgets for identity security, AI governance, security operations automation and threat intelligence capabilities.
Security operations centres are also evolving. Analysts increasingly expect AI-assisted or agentic SOC models to become mainstream, enabling human teams to supervise automated investigation and response workflows that operate at machine speed.
The objective is not merely prevention – instead, GCC organisations are moving towards resilience-first security strategies built around continuous verification, identity security and faster detection.
As attackers exploit collaboration platforms, AI tools and trusted identities, the Gulf’s cyber leaders appear to be reaching a common conclusion: in the AI era, security is becoming less about defending networks and more about defending people, behaviour and trust itself.

