
As cyber threats become faster, more targeted, and deeply entwined with global instability, organizations are being forced to rethink how they defend their digital frontlines. In this exclusive Dubai Diaries interview, Deryck Mitchelson, Head of Global CISO Team and C-Suite Advisor at Check Point Software Technologies Ltd, unpacks the most urgent shifts in the cyber threat landscape—from the convergence of hacktivism and cybercrime to the rise of AI-powered disinformation and industrial-scale ransomware. With weekly attack volumes soaring across the Middle East and critical infrastructure now in the crosshairs, Mitchelson offers pragmatic insights for CISOs and business leaders looking to navigate today’s unpredictable digital terrain with intelligence, speed, and resilience.
How have cyber threats evolved in recent months, and what are some of the most concerning trends your team has observed globally?
Cyber threats have grown not only in volume but in speed, precision, and impact. In Q2 2025, organizations faced an average of 1,984 attacks per week, a 21% year-over-year increase and 58% more than two years ago. The education sector was the most targeted, with over 4,300 weekly attacks per organization, followed by government and telecommunications. These sectors remain vulnerable due to their reliance on sensitive data and systems essential for societal functioning.
Europe experienced the sharpest increase in attacks, up 22% year-over-year, fuelled by geopolitical instability and regulatory fragmentation. Ransomware continues to evolve, with threat actors shifting from encryption-based attacks to data-leak extortion, increasing pressure on organizations to pay without traditional system lockdowns. This shift underscores the need for proactive defence strategies that combine threat prevention, visibility across hybrid environments, and automated response capabilities. A fragmented or reactive approach is no longer sustainable—real-time prevention is now critical to resilience.
What role are hacktivist groups and cybercrime syndicates playing in today’s threat landscape, and how are their methods changing?
Hacktivism and cybercrime have begun to merge in dangerous ways. What were once distinct motivations—ideological vs. financial—now often overlap. Many threat groups are either politically aligned, state-sponsored, or opportunistically exploiting crises to cause maximum disruption. Their tools are evolving rapidly: artificial intelligence is now used to automate phishing attacks, generate deepfakes, and power misinformation campaigns. Botnets amplify these efforts by pushing narratives across social platforms, blurring the lines between propaganda and cyberwarfare. Ransomware-as-a-service remains prevalent, though more fragmented, with an emphasis on stealing and leaking data rather than encrypting it. This convergence creates an unpredictable landscape—one where a single attack can serve multiple objectives, from extortion to public manipulation. Security teams must become more intelligence-driven, with threat-informed strategies that adapt as fast as attackers innovate.
We’ve seen a rise in attacks targeting critical infrastructure and civilian services. Why are these sectors increasingly vulnerable, and how can organizations build better defenses?
Critical infrastructure is under siege because it often runs on outdated or poorly segmented systems, where even minor disruptions can have cascading effects. Sectors like healthcare, energy, logistics, and transportation are especially vulnerable due to their operational urgency and legacy technologies.
Attackers exploit weak links like unsecured IoT devices, misconfigured cloud services, and IT/OT convergence points, which often lack the visibility and isolation necessary to stop lateral movement. These attacks are not always financially motivated—they are increasingly used to create fear, sow distrust, or destabilize essential services.
To counter this, organizations must implement layered security that spans both legacy and modern systems. This includes network segmentation, real-time monitoring, and frequent testing of incident response plans. Modernization of outdated systems is vital—but equally important is deploying AI-driven detection and enforcement across every layer of the infrastructure.
Can you shed light on how cyber disinformation and psychological operations are being used to influence public perception or disrupt normalcy?
Disinformation has become a key tactic in the digital arsenal of cyber actors. Coordinated campaigns blend real-world cyberattacks with fabricated narratives, using doctored images, fake news stories, and AI-generated content to manipulate public opinion and sow confusion. These operations often coincide with ransomware leaks or DDoS attacks to create the illusion of credibility. The goal is to erode trust in institutions—governments, media, financial systems—by making it harder for people to distinguish truth from fiction. Real-time detection is a major challenge: disinformation spreads faster than organizations can fact-check or respond. To stay ahead, cybersecurity and communications teams must collaborate closely, monitoring digital ecosystems proactively and acting quickly to counter false narratives before they take root.
Many cyberattacks now exploit everyday devices and unpatched systems. What should businesses and individuals be doing to reduce their attack surface?
Attackers continue to exploit the fundamentals: unpatched systems, outdated devices, misconfigured services, and weak user credentials. As hybrid work environments expand, so too does the attack surface—from personal devices to cloud-based collaboration platforms. In the Middle East, 88% of malicious files are delivered via email, and Information Disclosure remains the most exploited vulnerability, affecting 73% of organizations. For businesses, the first step is comprehensive asset visibility—knowing what’s connected, what’s exposed, and what’s vulnerable. This must be paired with strict access controls, consistent patching, secure cloud configurations, and real-time threat prevention. On the individual level, multi-factor authentication, software updates, and skepticism toward suspicious links remain critical. But above all, organizations must move away from siloed tools and adopt integrated platforms that enforce consistent security policy across endpoints, networks, cloud, and users.
With the increasing complexity of attacks, how important is it for organizations to invest in employee cybersecurity training and multi-layered defense strategies?
Employees remain both an asset and a liability in cybersecurity. Most breaches start with human error—clicking a phishing link, reusing weak passwords, or falling for social engineering. That’s why awareness programs must be continuous, adaptive, and role-specific. But human vigilance isn’t enough. Organizations must build multi-layered defenses that catch what users miss. Email filtering, endpoint protection, behavioral monitoring, and AI-based detection must work in concert—not as isolated tools. Embedding security into the culture of the organization is essential. That includes regular drills, leadership engagement, and cross-functional coordination. When security is everyone’s responsibility—and supported by intelligent automation—the impact of inevitable mistakes can be minimized.
What practical steps can CISOs and IT leaders in the Middle East take today to improve their readiness for digital conflict or large-scale cyber disruptions?
The Middle East continues to face a higher-than-average threat volume, with 2,294 attacks per week per organization, outpacing global averages. The region is especially targeted with infostealers, remote access trojans, and botnets—predominantly delivered via email. For CISOs, the priority should be achieving full visibility across digital environments, including cloud, endpoints, and third-party connections. Fragmented toolsets must be replaced with unified security platforms that allow for automated response and real-time intelligence sharing.
Additionally, incident response plans should be regularly updated and tested, with a specific focus on supply chain dependencies and cross-border threats. Investing in regional threat intelligence and building local partnerships will strengthen collective defense. In today’s landscape, resilience planning is not optional—it’s the foundation for operational continuity, customer trust, and long-term growth.



