The UAE’s goal of becoming a global hub for business and innovation is driving digital transformation in the Middle East, with the governments of both individual emirates and the UAE as a whole pushing the adoption of digital technologies and services.
THE UAE Digital Government Strategy 2025, based on the OECD Digital Government Framework, calls for a framework that is inclusive, digital by design, resilient and open by default, and made up of 64 different digital initiatives organized into six pillars. The Unified Digital Platform (UDP), one part of the big picture, brings government services together under one common platform to eliminate paperwork and streamline bureaucracy. And the Smart Dubai Strategy 2021 calls for smart, resilient cities, a connected society, easy-to-use autonomous transportation, and a streamlined, connected government.
However, digital transformation initiatives have attracted the attention of increasingly sophisticated cyber attackers and put a strain on local resources. Existing IT workforces struggle to keep up with basic security efforts – such as patching – and organizations fail to recruit enough skilled cybersecurity professionals, says Irina Zinovkina, head of the Security Research Group of information at Positive Technologies.
“The UAE faces the emergence of complex attacks, the development of attack techniques, [and] malware that is difficult to detect. Last, but not least, it’s there [an] problem with lack of staff,” says Zinovkina. “To keep pace with digital transformation, organizations must identify and evaluate information assets that require protection, as well as determine events that could occur as a result of a cyber attack.”
The UAE is already seeing signs of a changing threat landscape, with More than 50,000 attacks target the country’s public sector every day. Government agencies aren’t alone: Over the past two years, the vast majority (87%) of Companies based in the United Arab Emirates have faced a cybersecurity incidentaccording to cybersecurity company Kaspersky.
A growing attack surface in the UAE
In a report on the threat landscape in the UAE, Abu Dhabi-based cybersecurity services firm CPX found more than 155,000 vulnerable assets while scanning the nation’s Internet space. It turns out that over the past five years in the UAE, 40% of the most critical vulnerabilities remain unpatched.
“Alarmingly, many of the exploited vulnerabilities are historical, indicating a gap in patch management practices,” a CPX spokesperson said in an email interview. “Timely and effective patch management is critical and can significantly reduce the risk posed by these vulnerabilities.”
The shortage of cybersecurity professionals in the UAE has made timely patching of software unrealistic in many cases. Indeed, technical professionals tend to be in short supply overall, with the country acknowledging that it is only 10% of the way towards its goal of increasing the “workforce in the federal government trained in modern technologies”, according to the Emirates Digital Government United Arabs. Strategy 2025.
“Attack surfaces in the UAE are constantly expanding with the growing adoption of technologies such as cloud computing, operational technology (OT) and artificial intelligence (AI), providing threat actors with greater opportunities to illegally infiltrate systems,” said the CPX spokesperson. “Cybersecurity transcends local, regional and global boundaries, necessitating a unified response.”
UAE’s advances attract cybercriminals
Digital transformation efforts have attracted the attention of cybercriminals.
In an analysis of more than 91 million messages and nearly 250 forums and Telegram channels, cybersecurity firm Positive Technologies found that the United Arab Emirates is the most mentioned country in the Gulf Cooperation Council (GCC), with 46 % of messages mentioning the United Arab Emirates, while Saudi Arabia ranked second, with 23% of messages referring to that country.
As cybercriminals increasingly use artificial intelligence technologies such as large language models (LLMs), their attacks are becoming more sophisticated, with fewer easy-to-detect campaigns, says Positive Technologies’ Zinovkina.
“All new technologies come with risks, especially in the security landscape,” he says. “[For] In the UAE, digital transformation in the country may face challenges such as integration complexities and data security issues.”
Another concern: While digital transformation can increase the attack surface, it also increases the impact of a successful attack on the country’s infrastructure.
The UAE has always been very forward-thinking commercially, and while increased digitalisation helps make the country a friendlier digital economy, it can also increase the potential for disruption in the event of a successful attack, says Jon Amato, senior analyst director at Gartner and chair of the Gartner Security and Risk Conference for the Middle East.
“Look at the classic example of the DDoS attacks against Estonia: they had a huge digital transformation initiative, and years ago [in 2007]“Digital transformation is definitely a part of that equation – it doesn’t increase the likelihood of something like this happening, but it definitely increases the impact.” does.”
More cloud-native security
Organizations in the UAE need to ensure that as services move to the cloud, cybersecurity follows, says Rich Davis, director of solutions strategy for cloud security firm Netskope.
Organizations in the Middle East still have legacy hardware devices that make the move to cloud-native digital transformation more challenging and difficult to secure.
Government agencies and private sector companies should adopt security as a service (SaaS) and infrastructure as a service (IaaS) tools and an overall zero trust model, Davis says.
“This security transformation moves security services from a central location to be aligned with the new services organizations are deploying to drive their digital transformation,” he says. “The main change we have seen is a shift in philosophy from the traditional perimeter security model, to one that assumes that data and applications are everywhere and that employees access them from anywhere.”
The shortage of cybersecurity professionals is also limiting the nation’s ability to manage the security of its cloud services and digital assets, a problem that’s not limited to the Middle East, says Gartner’s Amato.
“Where do you find the people who are knowledgeable enough to plan these things? How do you handle them?” he says. “Finding people will always be the biggest issue we see for security in the UAE, and pretty much anywhere else in the world.”