Cyber threats across the GCC are becoming more frequent and sophisticated, driven by the region’s rapid digital transformation and expanding infrastructure. Kaspersky’s latest regional intelligence reveals sharp increases in password stealers and spyware, underscoring the urgent need for cybersecurity models that are proactive, not reactive. At GITEX Global 2025, Emad Haffar, head of technical experts for the Middle East, Turkiye and Africa at Kaspersky, outlined how the company’s Cyber Immunity framework and KasperskyOS are designed to help enterprises build resilience from the ground up.
“The attacks we’re seeing today are largely mass market in nature,” Haffar said. “The objective is to target as many potential victims as possible to maximise the threat actors’ benefit. However, we’re also seeing a slight rise in targeted attacks, especially in the ransomware domain, where threat actors are shifting from broad-based campaigns to highly selective extortion models.”
Kaspersky’s recent telemetry shows a 21 per cent rise in password stealers and a 34 per cent increase in spyware across the GCC. Haffar said this pattern reflects a widening scope of opportunistic attacks rather than a surge in advanced persistent threats. “The percentage tells you this is not being used as a targeting attack tool or medium, but rather an attempt to reach a wider audience,” he added.
Cyber immunity and the future of secure-by-design systems
One of Kaspersky’s core strategies for countering evolving threats is its Cyber Immunity concept, which underpins the design of KasperskyOS, an operating system built from the ground up for security-critical environments.
“When we introduced KasperskyOS and the whole concept of Cyber Immunity, we created an ecosystem that developers can use to build their own tools and solutions,” Haffar explained. “Right now, we’ve used it to release two or three different solutions, one of which is Kaspersky Thin Client, which we’re introducing in a new version during GITEX.”
While Kaspersky continues to expand its own secure products, Haffar said the company’s long-term goal is to encourage broader industry collaboration. “The door is open to developers from any part of the world to build their own solutions on top of KasperskyOS. This approach will take some time to become a major trend because it requires cooperation not only from the operating system vendor, but also from developers and end users.”
For Haffar, the shift toward cyber immunity represents a necessary reset in how organisations view security. “It’s about time to change the equation,” he said. “We need to build immune systems that can withstand, if not all, at least the vast majority of threats. Even if a tool or application is compromised, it should be completely isolated without affecting the entire running environment.”
Securing operational technology without downtime
In operational technology (OT) and industrial sectors, security adoption has historically lagged due to concerns over business continuity. “In any OT business, continuity is second to none,” Haffar said. “You cannot afford even one second of downtime in power generation or other critical infrastructure facilities.”
This challenge guided how Kaspersky designed its Industrial Security solutions. “Everything we offer can operate 100 per cent in passive mode,” he explained. “That means we can be in the environment just listening passively—mapping network activity, identifying communication flows, and providing a full picture of how engineering workstations and PLCs interact—without intervening in any industrial processes.”
Once operators are ready, the system can evolve from passive monitoring to controlled response. “When they feel comfortable, we can start introducing controls. The tool can block certain processes, provide analysis, and assist in decision-making,” Haffar said. “Flexibility is key. Operators can use it as ears in the environment first, and then decide when to act.”
Identifying the GCC’s most targeted sectors
Kaspersky’s regional threat intelligence data, drawn from its Kaspersky Security Network (KSN), provides a detailed picture of who is being targeted and how. “Government entities, critical infrastructure, military, finance, and telcos are the most targeted entities in the region,” said Haffar.
He attributes this to both the region’s rapid economic growth and its geopolitical relevance. “Threat actors want to capitalise on the region’s economic expansion and technological adoption,” he said. “Government services, critical infrastructure, and national institutions have all seen huge development, which creates opportunities for threat actors.”
Haffar also emphasised the importance of localised threat intelligence in guiding Kaspersky’s product strategy. “Because we have a solid footprint in the GCC and wider META region, we can translate that visibility into actionable threat intelligence,” he said. “We don’t just provide random intel; we customise it for the region by addressing the threat actors and risks specific to the Middle East.”
This intelligence is delivered in both machine-readable and human-readable formats, allowing enterprises to integrate it directly into their own SOC systems or use it for research and incident response. “It’s a complete cycle,” Haffar added. “The more visibility we have, the better we can generate relevant intelligence that feeds back into both our solutions and those of our clients.”
Data sovereignty and trusted partnerships
Regional partnerships and regulatory alignment form another key pillar of Kaspersky’s strategy. “We have very close relationships with regulators across the region,” said Haffar. “We’ve signed MOUs with cybersecurity councils in the UAE and Saudi Arabia, and maintain active dialogue with regulators across the region.”
He noted that data sovereignty is one of the defining requirements of cybersecurity solutions in the Gulf. “Unlike Europe or the US, where cloud-first models dominate, regional clients want full control over their data,” he explained. “Anything we provide can operate 100 per cent on-premises, without any link to external sources, while maintaining the same efficiency as an online system.”
By designing its systems with sovereignty and interoperability in mind, Kaspersky aims to bridge the trust gap that often accompanies new technology adoption. “Our goal is to ensure clients not only comply with regulations but also maintain full operational autonomy,” said Haffar.
Kaspersky’s message to regional enterprises is clear: cybersecurity can no longer be an afterthought. Through its focus on cyber immunity, localised threat intelligence, and regulatory collaboration, the company is helping redefine what it means to be secure in an era of digital dependence. For the Middle East, where the stakes of downtime or data loss are higher than ever, building immunity—not just defence—may define the next decade of cybersecurity innovation.

